diff --git a/.zuul.yaml b/.zuul.yaml
index d4faf74..d44bca0 100644
--- a/.zuul.yaml
+++ b/.zuul.yaml
@@ -1,6 +1,13 @@
+- job:
+    name: dco-license-check
+    run: playbooks/dco/run.yaml
+
 - project:
     templates:
       - build-tox-docs
+    check:
+      jobs:
+        - dco-license-check
     post:
       jobs:
         - tox-docs
diff --git a/playbooks/dco/run.yaml b/playbooks/dco/run.yaml
new file mode 100644
index 0000000..2bd2e55
--- /dev/null
+++ b/playbooks/dco/run.yaml
@@ -0,0 +1,33 @@
+- hosts: all
+  tasks:
+    - name: Developer Certificate of Origin (DCO) license check
+      shell:
+        cmd: |
+          set -e
+          result=0
+          for commit in $(git cherry -v origin/{{ zuul.branch }} HEAD | cut -d " " -f2)
+          do
+            if ! git show -s $commit | grep -q "Signed-off-by:"; then
+              echo "---"
+              git show -s $commit
+              echo "---"
+              echo "does not have a Signed-off-by header"
+              result=1
+            fi
+          done
+          exit $result
+        chdir: "{{ zuul.project.src_dir }}"
+        executable: /bin/bash
+      register: _dco
+      failed_when: _dco.rc > 1
+
+    - name: License check failed
+      fail:
+        msg: |
+          One or more commits have not been signed properly using --signoff.
+
+          The meaning of a signoff depends on the project, but it typically
+          certifies that committer has the rights to submit this work under
+          the same license and agrees to a Developer Certificate of Origin
+          (see http://developercertificate.org/ for more information).
+      when: _dco.rc != 0
diff --git a/test.txt b/test.txt
index 86ba82a..00fc4d8 100644
--- a/test.txt
+++ b/test.txt
@@ -1 +1,2 @@
 new line
+b