initial introduction of .fossa.yml

Although fossa has a fossa init tool to auto discover dependencies,
it doesn't work well for Logstash.

The mix of JRuby and Java allows for correct gradle detection but for
Ruby we tell FOSSA to look at the lockfile, which we generate using
ci/bootstrap_dependencies.sh

This is a work in progress and covers 99% of our dependencies.
As we get comfortable we'll have to uncomment a few ruby subprojects
contained in the logstash source tree.

.fossa.yml

@@ -0,0 +1,59 @@
+# Generated by FOSSA CLI (https://github.com/fossas/fossa-cli)
+# Visit https://fossa.com to learn more
+
+version: 2
+cli:
+  server: https://app.fossa.com
+  fetcher: custom
+  project: [email protected]:elastic/logstash.git
+analyze:
+  modules:
+    - name: Logstash gems
+      type: bundler
+      strategy: lockfile
+      target: .
+      path: .
+    - name: benchmark-cli
+      type: gradle
+      target: 'benchmark-cli:'
+      path: .
+    - name: dependencies-report
+      type: gradle
+      target: 'dependencies-report:'
+      path: .
+    - name: ingest-converter
+      type: gradle
+      target: 'ingest-converter:'
+      path: .
+    - name: logstash-core
+      type: gradle
+      target: 'logstash-core:'
+      path: .
+    - name: logstash-core-benchmarks
+      type: gradle
+      target: 'logstash-core-benchmarks:'
+      path: .
+    - name: logstash-integration-tests
+      type: gradle
+      target: 'logstash-integration-tests:'
+      path: .
+    - name: logstash-xpack
+      type: gradle
+      target: 'logstash-xpack:'
+    #   path: .
+    # - name: docker
+    #   type: pip
+    #   target: docker
+    #   path: docker
+    # - name: Gemfile
+    #   type: gem
+    #   target: qa
+    #   path: qa
+    # - name: Gemfile
+    #   type: gem
+    #   target: qa/integration
+    #   path: qa/integration
+    # - name: Gemfile
+    #   type: gem
+    #   target: tools/paquet
+    #   path: tools/paquet