diff --git a/.github/workflows/security-action.yaml b/.github/workflows/security-action.yaml
new file mode 100644
index 0000000..5761073
--- /dev/null
+++ b/.github/workflows/security-action.yaml
@@ -0,0 +1,17 @@
+name: Security Action
+on:
+  pull_request: {}
+jobs:
+  scan:
+    env:
+      SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
+      JIRA_API_TOKEN: ${{ secrets.JIRA_API_TOKEN }}
+      JIRA_USER_EMAIL: ${{ secrets.JIRA_USER_EMAIL }}
+    runs-on: [feature/generic, size/sm, env/infra-mgmt, group/default]
+    steps:
+      - name: code checkout
+        uses: actions/checkout@v3
+      - name: scan
+        uses: docker://docker.jfrog.skillz.com/security-action:latest
+        env:
+          REPO: ${{ github.repository }}