diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
new file mode 100644
index 0000000..5b30635
--- /dev/null
+++ b/.github/workflows/security.yml
@@ -0,0 +1,30 @@
+name: security
+
+on:
+ pull_request:
+ branches: [main]
+ paths:
+ - "**/*.cs"
+ - "**/*.csproj"
+ - "**/*.sln"
+ - "**/*.razor"
+ - "**/*.cshtml"
+ - ".github/workflows/security.yml"
+ push:
+ branches: [main]
+
+permissions:
+ contents: read
+ pull-requests: write
+
+jobs:
+ sast:
+ uses: binbashburns/security-pipelines/.github/workflows/sast.yml@main
+ with:
+ language: csharp
+
+ sbom:
+ uses: binbashburns/security-pipelines/.github/workflows/sbom-vuln.yml@main
+
+ secrets:
+ uses: binbashburns/security-pipelines/.github/workflows/secrets.yml@main
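Review bot: All three `uses:` lines under `jobs` reference the reusable workflows by the mutable ref `@main`, so whatever sits at the tip of binbashburns/security-pipelines runs with this workflow's token, including `pull-requests: write`. Pin each one to a full commit SHA and bump it deliberately, e.g. `uses: binbashburns/security-pipelines/.github/workflows/sast.yml@<full-commit-sha>  # main`. The `permissions` block is workflow-wide, so `sast`, `sbom` and `secrets` all receive `pull-requests: write`; moving it to a job-level `permissions:` on only the job(s) that comment on the pull request would leave the rest at `contents: read`. Which of the called workflows needs the write scope is not visible in this diff, so confirm against their definitions.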