From c485393e92ea82b978ecc9dbf8dfee63a5fb84b5 Mon Sep 17 00:00:00 2001
From: James Magowan <magowan@uk.ibm.com>
Date: Wed, 27 Apr 2022 22:15:19 +0100
Subject: [PATCH] Created CNCF Fossa (markdown)

---
 CNCF-Fossa.md | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
 create mode 100644 CNCF-Fossa.md

diff --git a/CNCF-Fossa.md b/CNCF-Fossa.md
new file mode 100644
index 0000000..c0cf758
--- /dev/null
+++ b/CNCF-Fossa.md
@@ -0,0 +1,31 @@
+Work in Progress to record using CNCF Fossa to fulfil our license scanning requirement for onboarding
+
+- Request from @jeefy in CNCF access to Fossa for Confidential Containers
+- Accept invite to https://app.fossa.com/projects
+
+## Setup connection between Fossa and Github Organisation
+
+- [Integrating FOSSA with GitHub instructions](https://docs.fossa.com/docs/github)
+- Add Projects
+
+<img width="240" alt="FossaAddProject" src="https://user-images.githubusercontent.com/8748661/165549435-54f7f1f0-461f-474a-9647-d85e711d80ca.png">
+
+
+- Quick Import from Github
+
+From https://github.com/organizations/confidential-containers/settings/oauth_application_policy
+- Connect with Service (Choosing Proceed without linking)
+<img width="180" alt="Screenshot 2022-04-27 at 16 25 48" src="https://user-images.githubusercontent.com/8748661/165554293-ddbdd490-f324-44a4-8398-b5c76d6891ab.png">
+
+- Ensure Fossa is an approved third party application for confidential containers
+
+Fossa View
+
+<img width="250" alt="Screenshot 2022-04-27 at 22 02 14" src="https://user-images.githubusercontent.com/8748661/165630729-096bca5f-b06f-4e94-9f52-e7f8341f61fc.png">
+
+Github View
+
+<img width="1477" alt="Screenshot 2022-04-27 at 22 02 24" src="https://user-images.githubusercontent.com/8748661/165630765-785984a1-0fc7-4361-a56b-a3ea55ec665b.png">
+
+- Finally Authorise Fossa using your Github Account (??Should we eventually setup a service account for this??)
+