diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index d431177..2d7f8a2 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -102,4 +102,16 @@ jobs:
           platforms: linux/arm64,linux/amd64
           tags: |
             us-docker.pkg.dev/castai-hub/library/audit-logs-receiver:${{ env.RELEASE_TAG }}
-            us-docker.pkg.dev/castai-hub/library/audit-logs-receiver:latest
\ No newline at end of file
+            us-docker.pkg.dev/castai-hub/library/audit-logs-receiver:latest
+
+      - name: Docker pull for fossa main
+        if: github.event_name == 'release'
+        run: docker pull us-docker.pkg.dev/castai-hub/library/audit-logs-receiver:${{ env.RELEASE_TAG }}
+
+      - name: FOSSA scan docker image
+        if: github.event_name == 'release'
+        continue-on-error: true
+        uses: fossas/fossa-action@v1
+        with:
+          api-key: ${{ secrets.FOSSA_API_KEY }}
+          container: us-docker.pkg.dev/castai-hub/library/audit-logs-receiver:${{ env.RELEASE_TAG }}
\ No newline at end of file