diff --git a/.github/workflows/security-action.yml b/.github/workflows/security-action.yml
new file mode 100644
index 0000000..bb42996
--- /dev/null
+++ b/.github/workflows/security-action.yml
@@ -0,0 +1,26 @@
+name: security
+on:
+ workflow_dispatch:
+ pull_request:
+ types: [opened, synchronize, reopened, ready_for_review]
+ branches: [main, master, staging, development, devel, dev]
+ merge_group:
+permissions:
+ contents: read
+ issues: write
+ pull-requests: write
+jobs:
+ security:
+ name: security
+ runs-on: ubuntu-latest
+ strategy:
+ fail-fast: false
+ steps:
+ - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+ with:
+ fetch-depth: 0
+ - uses: brave/security-action@main
+ with:
+ github_token: ${{ secrets.GITHUB_TOKEN }}
+ slack_token: ${{ secrets.HOTSPOTS_SLACK_TOKEN }}
+ gh_to_slack_user_map: ${{ secrets.GH_TO_SLACK_USER_MAP }}
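Review bot: The second step, `brave/security-action@main`, tracks a mutable branch, while the checkout step above it is pinned to a full commit SHA. That step is handed `GITHUB_TOKEN` (with `issues: write` and `pull-requests: write`) plus `HOTSPOTS_SLACK_TOKEN` and `GH_TO_SLACK_USER_MAP`, so whatever lands on that branch later runs with those credentials in this repository without any review here. Pin it the same way as checkout, `- uses: brave/security-action@<full-commit-sha> # <release tag>` (placeholders; take the values from the action's repository), and let the dependency-update tooling bump it. If the scan does not need to push, adding `persist-credentials: false` under the checkout step's `with:` would also keep the token out of the local git config that later steps can read.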