From 0aca6185314e07c7e30b03faca7de9337f3c003d Mon Sep 17 00:00:00 2001
From: svc-security-workflows <138818428+svc-security-workflows@users.noreply.github.com>
Date: Wed, 2 Aug 2023 13:12:25 +0100
Subject: [PATCH] Update security scan workflow
---
.github/workflows/security-workflow.yml | 42 +++++++++++++++++++++++++
1 file changed, 42 insertions(+)
create mode 100644 .github/workflows/security-workflow.yml
diff --git a/.github/workflows/security-workflow.yml b/.github/workflows/security-workflow.yml
new file mode 100644
index 0000000..0fe0a3b
--- /dev/null
+++ b/.github/workflows/security-workflow.yml
@@ -0,0 +1,42 @@
+# Do not modify! This file is managed through automation.
+# Contact Security Engineering in #security-engineering.
+
+name: Security
+on:
+ schedule:
+ - cron: '15 0 * * 0'
+ pull_request:
+ types:
+ - opened
+ - synchronize
+ - reopened
+ - ready_for_review
+ branches:
+ - master
+ - 'release**'
+ - 'production**'
+ push:
+ branches:
+ - master
+ - 'release**'
+ - 'production**'
+ workflow_dispatch:
+
+jobs:
+ code-scan:
+ name: Code
+ if: ${{ !github.event_name == 'pull_request' || !github.event.pull_request.draft }}
+ uses: Addepar/security-workflows/.github/workflows/security-scan-code.yml@main
+ secrets: inherit
+
+ library-scan:
+ name: Library
+ if: ${{ !github.event_name == 'pull_request' || !github.event.pull_request.draft }}
+ uses: Addepar/security-workflows/.github/workflows/security-scan-library.yml@main
+ secrets: inherit
+
+ configuration-scan:
+ name: Configuration
+ if: ${{ !github.event_name == 'pull_request' || !github.event.pull_request.draft }}
+ uses: Addepar/security-workflows/.github/workflows/security-scan-configuration.yml@main
+ secrets: inherit
\ No newline at end of file
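Review bot: All three jobs call reusable workflows at the mutable ref `@main` while passing `secrets: inherit`, so whatever lands on that branch of Addepar/security-workflows runs with every secret this repository can see. Pinning each `uses:` to a full commit SHA (`...security-scan-code.yml@<full-commit-sha>`, bumped by the same automation that manages this file) and passing only the named secrets each scan needs would narrow that exposure. A top-level `permissions:` block, for example `contents: read` plus whatever the scans actually require, would likewise bound the GITHUB_TOKEN handed to the called workflows. Separately, in the three `if:` lines the `!` applies to `github.event_name` before the `==`, so the first clause looks like it is always false and the gating works only because `github.event.pull_request.draft` is empty on non-PR events; `if: ${{ github.event_name != 'pull_request' || !github.event.pull_request.draft }}` states the intent directly.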