From c580685e22a989b2e89ee4c24f4fb6155b2c753a Mon Sep 17 00:00:00 2001
From: stephanie chou
Date: Wed, 30 Jul 2025 11:37:21 -0700
Subject: [PATCH] add security github workflow
---
.github/workflows/security-code-scanner.yml | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
create mode 100644 .github/workflows/security-code-scanner.yml
diff --git a/.github/workflows/security-code-scanner.yml b/.github/workflows/security-code-scanner.yml
new file mode 100644
index 000000000..eb9da3558
--- /dev/null
+++ b/.github/workflows/security-code-scanner.yml
@@ -0,0 +1,19 @@
+on:
+ # allow manual triggering of the workflow
+ workflow_dispatch:
+ # Required for Repository Ruleset workflows
+ push:
+
+# Add this permissions block
+permissions:
+ actions: read
+ pull-requests: read
+ security-events: write
+ id-token: write
+ contents: read
+
+jobs:
+ Security-Code-Scanner:
+ uses: shopify-playground/github-actions/.github/workflows/security-code-scanner-workflow.yml@main
+ secrets:
+ token: ${{ secrets.GITHUB_TOKEN }}
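Review bot: The reusable workflow on the `uses:` line is referenced by the mutable branch `@main`, so any later commit to that branch of `shopify-playground/github-actions` runs in this repository with the permissions granted above, including `security-events: write` and `id-token: write`. Pin it to a full commit SHA and keep the branch as a trailing comment, e.g. `uses: shopify-playground/github-actions/.github/workflows/security-code-scanner-workflow.yml@<full-commit-sha>  # main`. The called workflow is not visible here, so it is worth confirming that it actually requests an OIDC token; if it does not, drop `id-token: write`, and consider moving the `permissions:` block under the `Security-Code-Scanner` job so it does not become the default for jobs added later. The `# Add this permissions block` comment reads like a leftover template instruction; a comment such as `# Least-privilege token scopes for the scanner` would describe the block instead.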