diff --git a/.github/workflows/scan.yaml b/.github/workflows/scan.yaml
new file mode 100644
index 0000000..2a48aaa
--- /dev/null
+++ b/.github/workflows/scan.yaml
@@ -0,0 +1,20 @@
+name: Kubescape scanning for misconfigurations
+on: [push, pull_request]
+jobs:
+  kubescape:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+    - uses: kubescape/github-action@main
+      continue-on-error: true
+      with:
+        format: sarif
+        outputFile: results.sarif
+        # Optional: Specify the Kubescape cloud account ID
+        # account: ${{secrets.KUBESCAPE_ACCOUNT}}
+        # # Optional: Scan a specific path. Default will scan the whole repository
+        # files: "examples/*.yaml"
+    - name: Upload Kubescape scan results to Github Code Scanning
+      uses: github/codeql-action/upload-sarif@v2
+      with:
+        sarif_file: results.sarif
\ No newline at end of file