diff --git a/.github/workflows/fossa.yaml b/.github/workflows/fossa.yaml
new file mode 100644
index 0000000..92a977d
--- /dev/null
+++ b/.github/workflows/fossa.yaml
@@ -0,0 +1,35 @@
+name: FOSSA
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+
+jobs:
+  fossa:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up JDK 17
+        uses: actions/setup-java@v4
+        with:
+          java-version: "17"
+          distribution: "temurin"
+
+      - name: Install dependencies
+        run: ./gradlew build
+
+      - name: Run FOSSA scan and upload build data
+        uses: fossas/fossa-action@main
+        with:
+          api-key: ${{ secrets.FOSSA_API_KEY }}
+          branch: ${{ github.ref_name }}
+
+      - name: Run FOSSA tests
+        uses: fossas/fossa-action@main
+        with:
+          api-key: ${{ secrets.FOSSA_API_KEY }}
+          run-tests: true
diff --git a/.github/workflows/semgrep.yaml b/.github/workflows/semgrep.yaml
index 2b936c0..a5f32f1 100644
--- a/.github/workflows/semgrep.yaml
+++ b/.github/workflows/semgrep.yaml
@@ -11,7 +11,7 @@ jobs:
       image: returntocorp/semgrep
     if: (github.actor != 'dependabot[bot]' && github.actor != 'snyk-bot')
     steps:
-      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
           fetch-depth: 0
       - run: semgrep ci --no-suppress-errors
diff --git a/.openapi-generator/FILES b/.openapi-generator/FILES
index 7fb7f8d..a59ca74 100644
--- a/.openapi-generator/FILES
+++ b/.openapi-generator/FILES
@@ -5,6 +5,7 @@
 .github/ISSUE_TEMPLATE/config.yaml
 .github/ISSUE_TEMPLATE/feature_request.yaml
 .github/dependabot.yaml
+.github/workflows/fossa.yaml
 .github/workflows/main.yaml
 .github/workflows/semgrep.yaml
 .gitignore