diff --git a/.github/workflows/security-scan-sast.yaml b/.github/workflows/security-scan-sast.yaml
new file mode 100644
index 0000000..3160a2b
--- /dev/null
+++ b/.github/workflows/security-scan-sast.yaml
@@ -0,0 +1,15 @@
+name: security-scan-sast
+
+on:
+ pull_request:
+ workflow_dispatch:
+ schedule:
+ - cron: "30 1 * * *" # Sets Semgrep to scan every day at 1:30 UTC
+
+jobs:
+ scan:
+ uses: verygood-ops/cicd-shared/.github/workflows/security-scan-sast.yaml@security-scan-sast-v1
+ with:
+ uses_maven: false
+ secrets:
+ SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
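Review bot: The `uses:` line of the `scan` job references the shared workflow by the movable ref `@security-scan-sast-v1` while passing it `SEMGREP_APP_TOKEN`, so anyone able to move that ref in `verygood-ops/cicd-shared` changes what runs with the secret. Pinning to the full commit SHA and keeping the tag as a comment closes that gap: `uses: verygood-ops/cicd-shared/.github/workflows/security-scan-sast.yaml@<full-commit-sha>  # security-scan-sast-v1`. The file also declares no `permissions:`, so the called workflow gets the repository's default `GITHUB_TOKEN` scope; a top-level `permissions:` with `contents: read` would cap it, though the shared workflow may need more and that should be confirmed against its definition. Secrets are not passed to `pull_request` runs from forks, so the scan presumably runs without the token or fails there; a one-line comment next to the trigger stating the intended behaviour would help.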