diff --git a/.circleci/config.yml b/.circleci/config.yml
index 8737c8356..17562ad7b 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -343,6 +343,8 @@ commands:
 unzip -d image/scanner/dump /tmp/k8s-definitions.zip
 unzip -d image/scanner/dump /tmp/repo2cpe.zip
+ - install-ossls
+
 - run:
 name: Build images
 command: make << parameters.make-image-target >>
@@ -636,6 +638,19 @@ commands:
 path: /tmp/metrics
 destination: metrics
+ install-ossls:
+ steps:
+ - run:
+ name: Install ossls
+ working_directory: /tmp
+ command: |
+ wget --quiet https://github.com/gruntwork-io/fetch/releases/download/v0.3.5/fetch_linux_amd64
+ sudo install fetch_linux_amd64 /usr/bin/fetch
+ export GITHUB_OAUTH_TOKEN="$GITHUB_TOKEN"
+ fetch --repo="https://github.com/stackrox/ossls" --tag="0.10.1" --release-asset="ossls_linux_amd64" .
+ sudo install ossls_linux_amd64 /usr/bin/ossls
+ ossls version
+
 jobs:
 unit-tests:
 <<: *defaults
diff --git a/.ossls.yml b/.ossls.yml
new file mode 100644
index 000000000..fbed44931
--- /dev/null
+++ b/.ossls.yml
@@ -0,0 +1,17 @@
+gomod:
+ mod-file: go.mod
+
+patterns:
+- "*AUTHOR*"
+- "*COPYING*"
+- "*LICENSE*"
+- "*LICENCE*"
+- "*NOTICE*"
+- '~^.*(?i:notice|licen[cs]e).*\.(?i:txt|md)$'
+- "package.json"
+
+excludePatterns:
+- "*.go"
+- "*.js"
+- "*.ts"
+- "*.sh"
diff --git a/Makefile b/Makefile
index aecc97e0d..551d50500 100644
--- a/Makefile
+++ b/Makefile
@@ -168,7 +168,7 @@ $(CURDIR)/image/db/rhel/bundle.tar.gz: $(CURDIR)/image/db/rhel/create-bundle.sh
 $(CURDIR)/image/db $(CURDIR)/image/db/rhel
 .PHONY: scanner-image
-scanner-image: scanner-build-dockerized $(CURDIR)/image/scanner/rhel/bundle.tar.gz
+scanner-image: scanner-build-dockerized ossls-notice $(CURDIR)/image/scanner/rhel/bundle.tar.gz
 @echo "+ $@"
 @docker build -t us.gcr.io/stackrox-ci/scanner:$(TAG) -f image/scanner/rhel/Dockerfile image/scanner/rhel
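Review bot: Neither binary installed by `install-ossls` is integrity-checked before it lands in /usr/bin via `sudo install` — `wget` fetches `fetch_linux_amd64` and `fetch` pulls `ossls_linux_amd64` by release tag, and a tag can be moved, so the job runs whatever the release asset currently contains. Pin the expected digests and verify each download before its `sudo install`, e.g. `echo "<FETCH_SHA256>  fetch_linux_amd64" | sha256sum -c -` and `echo "<OSSLS_SHA256>  ossls_linux_amd64" | sha256sum -c -` (placeholders; take the real values from the release pages and update them together with the pinned versions). Assuming the default CircleCI shell options (`-e`) are in effect, a mismatch then fails the step before the binary is used. The enclosing `commands:` map starts outside the hunk.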
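Review bot: The new `.ossls.yml` gives no hint why one entry, `'~^.*(?i:notice|licen[cs]e).*\.(?i:txt|md)$'`, is quoted and shaped differently from the glob entries around it; the leading `~` appears to switch that pattern to a regular expression, but the file does not say so. A short comment above `patterns:` such as `# Globs match file names; a leading '~' makes the entry a regular expression.` (worded to match ossls's actual rule) would save the next editor from guessing, and a similar one-liner on `excludePatterns:` explaining that source files matching the name patterns are deliberately skipped would document the intent of the `*.go`/`*.js`/`*.ts`/`*.sh` list.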
@@ -192,6 +192,11 @@ deploy-dockerhub: clean-helm-rendered
 helm template scanner chart/ --set tag=$(TAG),logLevel=$(LOGLEVEL),updateInterval=2m,scannerImage=stackrox/scanner,scannerDBImage=stackrox/scanner-db --output-dir rendered-chart
 kubectl apply -R -f rendered-chart
+.PHONY: ossls-notice
+ossls-notice: deps
+ ossls version
+ ossls audit --export image/scanner/rhel/THIRD_PARTY_NOTICES
+
 ###########
 ## Tests ##
 ###########
diff --git a/image/scanner/rhel/.gitignore b/image/scanner/rhel/.gitignore
index 010212223..5f510a9d1 100644
--- a/image/scanner/rhel/.gitignore
+++ b/image/scanner/rhel/.gitignore
@@ -2,4 +2,4 @@ bundle.tar.gz
 bundle.tar.gz.sha512
 prebuild.sh
 scripts
-
+/THIRD_PARTY_NOTICES/
diff --git a/image/scanner/rhel/Dockerfile b/image/scanner/rhel/Dockerfile
index b663fbed2..24298b651 100644
--- a/image/scanner/rhel/Dockerfile
+++ b/image/scanner/rhel/Dockerfile
@@ -29,6 +29,8 @@ COPY --from=extracted_bundle "/bundle${NVD_DEFINITIONS_DIR}/" ".${NVD_DEFINITION
 COPY --from=extracted_bundle "/bundle${K8S_DEFINITIONS_DIR}/" ".${K8S_DEFINITIONS_DIR}/"
 COPY --from=extracted_bundle "/bundle${REPO_TO_CPE_DIR}/" ".${REPO_TO_CPE_DIR}/"
+COPY ./THIRD_PARTY_NOTICES/ /THIRD_PARTY_NOTICES/
+
 RUN dnf upgrade -y && \
 dnf install -y ca-certificates xz && \
 dnf clean all && \
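Review bot: `ossls-notice` exports into `image/scanner/rhel/THIRD_PARTY_NOTICES` without clearing the directory first, so a notice for a dependency that has since been dropped from go.mod can linger (unless `ossls audit --export` wipes the target itself, which the hunk does not show), and an interrupted run leaves a partial directory that the Dockerfile then copies into the image; `.DELETE_ON_ERROR` cannot help because the target is phony. Prepend `rm -rf image/scanner/rhel/THIRD_PARTY_NOTICES` to the recipe so every build ships exactly the notices of the current module graph, and add a one-line comment above the rule, `# Regenerates the third-party license notices bundled into the scanner image.`, since the target name alone does not say what it produces. Because `scanner-image` (first hunk of this file) lists `ossls-notice` as a prerequisite of a phony target, the audit re-runs on every image build, which is the intended behaviour; the `clean` target, which is outside this hunk, should remove the export directory as well if it does not already.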
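Review bot: The new `COPY ./THIRD_PARTY_NOTICES/ /THIRD_PARTY_NOTICES/` depends on a directory that is git-ignored (see the `.gitignore` hunk) and exists only after `make ossls-notice` has run, yet nothing in the Dockerfile says so, so anyone invoking `docker build` directly gets an unexplained COPY failure. Add a comment above the line, `# Generated by 'make ossls-notice' and not checked in; the build fails if it is missing.` Placing the COPY ahead of the `RUN dnf upgrade` layer also means every regeneration of the notices invalidates the package-install layer, though the bundle COPYs above it probably change just as often, so moving it below the RUN may gain little. The build stage extends beyond the hunk on both sides.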