diff --git a/.fossa.yml b/.fossa.yml
new file mode 100755
index 0000000000..164b088974
--- /dev/null
+++ b/.fossa.yml
@@ -0,0 +1,76 @@
+# Generated by FOSSA CLI (https://github.com/fossas/fossa-cli)
+# Visit https://fossa.com to learn more
+
+version: 2
+cli:
+ server: https://app.fossa.com
+ fetcher: custom
+ project: git@github.com:elastic/ml-cpp.git
+analyze:
+ modules:
+ - name: 3rd_party/licenses
+ type: raw
+ target: 3rd_party/licenses
+ - name: 3rd_party/rapidjson/include/rapidjson
+ type: raw
+ target: 3rd_party/rapidjson/include/rapidjson
+ - name: include/api
+ type: raw
+ target: include/api
+ - name: include/config
+ type: raw
+ target: include/config
+ - name: include/core
+ type: raw
+ target: include/core
+ - name: include/maths
+ type: raw
+ target: include/maths
+ - name: include/model
+ type: raw
+ target: include/model
+ - name: include/ver
+ type: raw
+ target: include/ver
+ - name: include/seccomp
+ type: raw
+ target: include/seccomp
+ - name: lib/api
+ type: raw
+ target: lib/api
+ - name: lib/config
+ type: raw
+ target: lib/config
+ - name: lib/core
+ type: raw
+ target: lib/core
+ - name: lib/maths
+ type: raw
+ target: lib/maths
+ - name: lib/model
+ type: raw
+ target: lib/model
+ - name: lib/ver
+ type: raw
+ target: lib/ver
+ - name: lib/seccomp
+ type: raw
+ target: lib/seccomp
+ - name: bin/autoconfig
+ type: raw
+ target: bin/autoconfig
+ - name: bin/autodetect
+ type: raw
+ target: bin/autodetect
+ - name: bin/categorize
+ type: raw
+ target: bin/categorize
+ - name: bin/controller
+ type: raw
+ target: bin/controller
+ - name: bin/normalize
+ type: raw
+ target: bin/normalize
+ - name: bin/data_frame_analyzer
+ type: raw
+ target: bin/data_frame_analyzer
diff --git a/dev-tools/fossa_scan.sh b/dev-tools/fossa_scan.sh
new file mode 100755
index 0000000000..dc54150865
--- /dev/null
+++ b/dev-tools/fossa_scan.sh
@@ -0,0 +1,24 @@
+#!/bin/bash
+#
+# Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+# or more contributor license agreements. Licensed under the Elastic License;
+# you may not use this file except in compliance with the Elastic License.
+#
+
+# Run a FOSSA scan on the repo to check for license violations
+
+# Get the FOSSA API token from Vault
+set +x
+export VAULT_TOKEN=$(vault write -field=token auth/approle/login role_id="$VAULT_ROLE_ID" secret_id="$VAULT_SECRET_ID")
+unset VAULT_ROLE_ID VAULT_SECRET_ID
+export FOSSA_API_KEY=$(vault read -field=token secret/jenkins-ci/fossa/api-token)
+unset VAULT_TOKEN
+set -x
+
+# Change directory to the top level of the repo
+readonly GIT_TOPLEVEL=$(git rev-parse --show-toplevel 2> /dev/null)
+cd "$GIT_TOPLEVEL"
+
+# Run the FOSSA scan
+fossa analyze
+
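Review bot: A failed Vault login or secret read goes unnoticed in the two `export VAR=$(...)` lines, because `export` (like `readonly` further down) returns its own status rather than the command substitution's, and the script never enables `set -e`; the scan then proceeds with an empty `FOSSA_API_KEY` or, if `git rev-parse` fails, an empty `GIT_TOPLEVEL`. Splitting each assignment from its `export`/`readonly` and enabling `set -euo pipefail` near the top would stop the job before `fossa analyze` and would also catch an unset `VAULT_ROLE_ID` or `VAULT_SECRET_ID`. Separately, `secret_id="$VAULT_SECRET_ID"` is passed as a `vault` command-line argument, where it may be visible in the process list on a shared CI host; the Vault CLI accepts `secret_id=-` to read the value from stdin instead.

```shell
# … unchanged: shebang and licence header …
set -euo pipefail
set +x
VAULT_TOKEN=$(vault write -field=token auth/approle/login role_id="$VAULT_ROLE_ID" secret_id="$VAULT_SECRET_ID")
export VAULT_TOKEN
# … unchanged: unset VAULT_ROLE_ID VAULT_SECRET_ID …
FOSSA_API_KEY=$(vault read -field=token secret/jenkins-ci/fossa/api-token)
export FOSSA_API_KEY
# … unchanged: unset VAULT_TOKEN, set -x …
GIT_TOPLEVEL=$(git rev-parse --show-toplevel 2> /dev/null)
readonly GIT_TOPLEVEL
# … unchanged: cd "$GIT_TOPLEVEL" and fossa analyze …
```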