diff --git a/static-analysis/semgrep/README.md b/static-analysis/semgrep/README.md
index 6f91d87..98b1953 100644
--- a/static-analysis/semgrep/README.md
+++ b/static-analysis/semgrep/README.md
@@ -24,6 +24,12 @@ GitHub Action that scans code changes being made and posts security findings in
 #
 # Required: true
 # Default: ""
+
+ github-token:
+ # GitHub token that can checkout the repository. e.g. 'secrets.GITHUB_TOKEN'
+ #
+ # Required: true
+ # Default: ""
 ```
diff --git a/static-analysis/semgrep/action.yaml b/static-analysis/semgrep/action.yaml
index c921dc8..323b502 100644
--- a/static-analysis/semgrep/action.yaml
+++ b/static-analysis/semgrep/action.yaml
@@ -8,6 +8,9 @@ inputs:
 semgrep-app-token:
 required: true
 description: Semgrep API token to be added to the repo that allows pulling the latest rule config from the ruleboard in the Semgrep UI
+ github-token:
+ required: true
+ description: GitHub token that can checkout the repository. e.g. 'secrets.GITHUB_TOKEN'
 runs:
 using: composite
@@ -24,7 +27,7 @@ runs:
 echo "Default branch is $default_branch"
 echo "default_branch=$default_branch" >> $GITHUB_ENV
 env:
- GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ github-token: ${{ inputs.github-token}}
 shell: bash
 # Semgrep CI step with dynamic baseline reference
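Review bot: The description of the new `github-token` input in the first hunk of action.yaml says the token "can checkout the repository", but the only use visible in this commit is the `env` of the default-branch lookup step in the second hunk, so a caller cannot tell which permission the token actually needs. Because the input is `required: true`, the description should say what the token is used for and the least privilege it should carry, e.g. `description: GitHub token used to look up the repository's default branch; pass '${{ secrets.GITHUB_TOKEN }}' (read access to repository metadata should be enough — confirm against the command in the lookup step)`. The example `'secrets.GITHUB_TOKEN'` is also not something a workflow can pass literally; the expression form `${{ secrets.GITHUB_TOKEN }}` is what callers write.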
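Review bot: Renaming the environment variable from `GH_TOKEN` to `github-token` in the second hunk of action.yaml almost certainly breaks the default-branch lookup: the command that needs the token runs earlier in this step, outside the hunk, and it previously received the token as `GH_TOKEN` (the variable the gh CLI reads), whereas `github-token` is not a valid shell variable name and nothing in the step can read it. Keep the variable name and change only the value: `GH_TOKEN: ${{ inputs.github-token }}`. Switching the value from `secrets.GITHUB_TOKEN` to an input is the right fix, since a composite action has no `secrets` context, so that is the only part of the line that needs to change. The expression `${{ inputs.github-token}}` is also missing the space before `}}`; it evaluates, but is inconsistent with the other expressions in the file.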