diff --git a/.github/workflows/security-scan.yaml b/.github/workflows/security-scan.yaml
new file mode 100644
index 0000000..8402062
--- /dev/null
+++ b/.github/workflows/security-scan.yaml
@@ -0,0 +1,17 @@
+name: Security Scan
+
+on:
+    pull_request:
+    push:
+        branches:
+        - main
+
+jobs:
+    security:
+        name: OSS Security SAST
+        uses: Roblox/security-workflows/.github/workflows/oss-security-sast.yaml@main
+        with:
+            skip-ossf: true
+        secrets:
+            GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_KEY }}
+            ROBLOX_SEMGREP_GHC_POC_APP_TOKEN: ${{ secrets.ROBLOX_SEMGREP_GHC_POC_APP_TOKEN }}