diff --git a/.fossa.yml b/.fossa.yml
deleted file mode 100644
index 5e19374a..00000000
--- a/.fossa.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-version: 3
-
-project:
- id: github.com/replicatedhq/troubleshoot
diff --git a/.github/workflows/fossa.yaml b/.github/workflows/fossa.yaml
deleted file mode 100644
index 9ba53018..00000000
--- a/.github/workflows/fossa.yaml
+++ /dev/null
@@ -1,49 +0,0 @@
-name: FOSSA license scan
-
-on:
- pull_request_target: # this is safe as these scans do not execute provided code
- branches:
- - main
- paths:
- - go.sum
-
- push:
- branches:
- - main
-
-jobs:
- fossa-scan-pr:
- runs-on: ubuntu-latest
- if: github.event_name == 'pull_request'
- steps:
- - uses: actions/checkout@v3
- with:
- ref: refs/pull/${{ github.event.number }}/merge
- - name: "Install FOSSA"
- uses: replicatedhq/action-fossa/install@main
- - name: "Run FOSSA Scan"
- uses: replicatedhq/action-fossa/scan@main
- with:
- api-key: ${{ secrets.FOSSA_API_KEY }}
- diff: true
- diff-ref: ${{ github.event.pull_request.base.sha }}
- debug: true
-
- fossa-scan-merge:
- runs-on: ubuntu-latest
- if: github.event_name == 'push'
- steps:
- - uses: actions/checkout@v3
- with:
- fetch-depth: 2
- - id: previous
- run: echo "sha=$(git rev-parse HEAD~1)" >> "${GITHUB_OUTPUT}"
- - name: "Install FOSSA"
- uses: replicatedhq/action-fossa/install@main
- - name: "Run FOSSA Scan"
- uses: replicatedhq/action-fossa/scan@main
- with:
- api-key: ${{ secrets.FOSSA_API_KEY }}
- diff: true
- diff-ref: ${{ steps.previous.outputs.sha }}
- debug: true
diff --git a/.github/workflows/license.yaml b/.github/workflows/license.yaml
new file mode 100644
index 00000000..61ed288d
--- /dev/null
+++ b/.github/workflows/license.yaml
@@ -0,0 +1,42 @@
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+
+env:
+ TRIVY_VERSION: 0.44.1
+
+name: License scan
+
+jobs:
+ license:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: Setup Go
+ uses: actions/setup-go@v4
+
+ - name: Install Go deps
+ run: go mod download
+
+ - name: Install trivy
+ run: |
+ wget https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.deb
+ sudo dpkg -i trivy_${TRIVY_VERSION}_Linux-64bit.deb
+
+ - name: Create license report artifact
+ run: trivy fs --scanners license --skip-dirs ".github" . | tee license-report.txt
+
+ - name: Upload license report artifact
+ uses: actions/upload-artifact@v3
+ with:
+ name: license-report
+ path: license-report.txt
+
+ - name: Check for unknown licenses
+ run: trivy fs --scanners license --skip-dirs ".github" --exit-code 1 --severity UNKNOWN . || echo "::warning::Unknown licenses found, please verify"
+
+ - name: Check for forbidden licenses and fail
+ run: trivy fs --scanners license --skip-dirs ".github" --exit-code 1 --severity CRITICAL,HIGH .
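Review bot: The `Install trivy` step installs an unverified binary — the .deb is fetched with wget and installed with `sudo dpkg -i` without being compared against a published checksum, so a substituted or tampered release asset would run as root on the runner. Pinning `TRIVY_VERSION` narrows the window but verifies nothing about the content; adding `wget https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_checksums.txt` followed by `sha256sum --check --ignore-missing trivy_${TRIVY_VERSION}_checksums.txt` before the dpkg line makes the job fail on a mismatch (the checksums file name follows trivy's release naming; confirm it against the release page). The same hunk pins `actions/checkout@v3`, `actions/setup-go@v4` and `actions/upload-artifact@v3` by mutable tag rather than commit SHA, which is the usual hardening for a workflow triggered on every `pull_request`. Separately, `setup-go@v4` is given no `go-version` or `go-version-file` input, so `go mod download` runs with whatever Go the runner image provides; `go-version-file: go.mod` would pin it to the module's declared toolchain.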