diff --git a/.fossa.yml b/.fossa.yml
new file mode 100644
index 00000000000..013accd4498
--- /dev/null
+++ b/.fossa.yml
@@ -0,0 +1,11 @@
+version: 3
+
+project:
+  id: vitess
+  name: vitess
+
+# Exclude the maven based scanning of our java client until we can get it working again.
+targets:
+  exclude:
+    - type: maven
+      path: java
diff --git a/.github/workflows/static_checks_etc.yml b/.github/workflows/static_checks_etc.yml
index 6c0318179b8..06f86cb9c70 100644
--- a/.github/workflows/static_checks_etc.yml
+++ b/.github/workflows/static_checks_etc.yml
@@ -39,8 +39,10 @@ jobs:
         # generate a push only token and specify that as plain
         # text here:
         #   https://github.com/fossa-contrib/fossa-action#push-only-api-token
+        # BUT, it also requires that the fork have its own
+        # independent integration setup with fossa.com.
         if: github.ref == 'refs/heads/main'
-        uses: fossa-contrib/fossa-action@v2
+        uses: fossa-contrib/fossa-action@v3
         with:
           fossa-api-key: ${{ secrets.FOSSA_API_KEY }}