diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
new file mode 100644
index 00000000..39214c20
--- /dev/null
+++ b/.github/workflows/security.yml
@@ -0,0 +1,25 @@
+name: Security
+
+on:
+  workflow_dispatch: {}
+  schedule:
+    - cron: "0 13 * * 1" # 8am CT on Mondays
+
+jobs:
+  scan-for-vulns:
+    runs-on: ubuntu-latest
+    container:
+      image: public.ecr.aws/opslevel/platform-tools:latest
+    env:
+      ORG_GITHUB_TOKEN: ${{ secrets.ORG_GITHUB_TOKEN }}
+      GRYPE_INTEGRATION_SECRET: ${{ secrets.GRYPE_INTEGRATION_SECRET }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          token: ${{ secrets.ORG_GITHUB_TOKEN }}
+      - name: Scan
+        run: |
+          curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin
+          grype dir:$(pwd) --only-fixed -o json | jq '{"matches": .matches}' |
+          curl -s -X POST https://upload.opslevel.com/integrations/custom_event/${GRYPE_INTEGRATION_SECRET}?alias=opslevel_kubernetes_sync -H 'content-type: application/json' --data-binary @-
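Review bot: The Scan step installs grype with `curl ... install.sh | sh` fetched from the unpinned `main` branch, and it runs in a job whose `env` block exposes `ORG_GITHUB_TOKEN` even though the run script never reads that variable, so an unreviewed installer executes with an org-scoped token it does not need. Drop `ORG_GITHUB_TOKEN` from `env` (the checkout step already receives it through `with.token`) and pin the installer to a tagged release, `sh -s -- -b /usr/local/bin <GRYPE_VERSION>`, where `<GRYPE_VERSION>` is a placeholder for the chosen release tag. The `grype | jq | curl` pipeline also reports only the last command's status, and that upload runs with `-s` but not `-f`, so a failed scan or a rejected upload still leaves the step green; open the script with `set -euo pipefail` and change the upload to `curl -sSf -X POST ...`. Pinning `actions/checkout@v4` to a commit SHA would apply the same supply-chain discipline to the checkout action.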