diff --git a/.github/workflows/security-scan-sast.yaml b/.github/workflows/security-scan-sast.yaml
new file mode 100644
index 00000000..5c37365f
--- /dev/null
+++ b/.github/workflows/security-scan-sast.yaml
@@ -0,0 +1,15 @@
+name: security-scan-sast
+
+on:
+ pull_request:
+ workflow_dispatch:
+ schedule:
+ - cron: '30 5 * * *' # Sets Semgrep to scan every day at 5:30 UTC
+
+jobs:
+ scan:
+ uses: verygood-ops/cicd-shared/.github/workflows/security-scan-sast.yaml@security-scan-sast-v1
+ with:
+ uses_maven: false
+ secrets:
+ SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
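Review bot: The `scan` job calls the shared workflow through a named ref, `@security-scan-sast-v1`, which looks like a tag or branch, and hands it `SEMGREP_APP_TOKEN`. Whoever can move that ref in `cicd-shared` changes the code that runs with the secret in this repository. Pinning to a full commit SHA and keeping the name as a comment makes that update reviewable: `uses: verygood-ops/cicd-shared/.github/workflows/security-scan-sast.yaml@<full-commit-sha> # security-scan-sast-v1`. The workflow also declares no `permissions:`, so the called workflow gets the repository's default `GITHUB_TOKEN` scope. A top-level `permissions:` with `contents: read` would cap it, plus whatever extra scopes the shared workflow needs, which this diff does not show.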