From 55ac4c2cdc2f04664d414bcdca8c24971bc86630 Mon Sep 17 00:00:00 2001
From: Security Scan Upgrader <cio-security-engineers@customer.io>
Date: Mon, 24 Feb 2025 18:09:06 +0000
Subject: [PATCH] Update security scanning

---
 .github/workflows/pr-security-scanning.yml | 27 ++++++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100644 .github/workflows/pr-security-scanning.yml

diff --git a/.github/workflows/pr-security-scanning.yml b/.github/workflows/pr-security-scanning.yml
new file mode 100644
index 00000000..be6fe175
--- /dev/null
+++ b/.github/workflows/pr-security-scanning.yml
@@ -0,0 +1,27 @@
+name: "[pr] Report: Scan for Security Vulnerabilities"
+
+on:
+  pull_request:
+    types: [opened, reopened, synchronize]
+
+jobs:
+  run-security-scan:
+    runs-on: 
+      - self-hosted
+      - ephemeral
+      - linux
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Run composite security scanning
+        id: security-scanning
+        uses: customerio/cio-actions/security-scanning@main
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Comment on pull request
+        uses: peter-evans/create-or-update-comment@v4
+        with:
+          issue-number: ${{ github.event.pull_request.number }}
+          body-path: ${{ steps.security-scanning.outputs.semgrep_report_path }}