From 1670f96b2e138ad9d66a136f9d73512affe72e53 Mon Sep 17 00:00:00 2001
From: Security Scan Upgrader <cio-security-engineers@customer.io>
Date: Mon, 24 Feb 2025 16:15:21 +0000
Subject: [PATCH] Update security scanning

---
 .github/workflows/pr-security-scanning.yml | 26 ++++++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100644 .github/workflows/pr-security-scanning.yml

diff --git a/.github/workflows/pr-security-scanning.yml b/.github/workflows/pr-security-scanning.yml
new file mode 100644
index 00000000..d28eb03f
--- /dev/null
+++ b/.github/workflows/pr-security-scanning.yml
@@ -0,0 +1,26 @@
+name: "[pr] Report: Scan for Security Vulnerabilities"
+
+on:
+  pull_request:
+    types: [opened, reopened, synchronize]
+
+jobs:
+  run-security-scan:
+    runs-on: 
+      - ephemeral
+      - ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Run composite security scanning
+        id: security-scanning
+        uses: customerio/cio-actions/security-scanning@main
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Comment on pull request
+        uses: peter-evans/create-or-update-comment@v4
+        with:
+          issue-number: ${{ github.event.pull_request.number }}
+          body-path: ${{ steps.security-scanning.outputs.semgrep_report_path }}