From a23fce46ef11e5f6337ebbc7ce04b95cef5389b0 Mon Sep 17 00:00:00 2001
From: jlesus
Date: Tue, 16 Sep 2025 13:08:53 -0400
Subject: [PATCH] Add Security Workflow
---
 .github/workflows/security.yml | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 .github/workflows/security.yml
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
new file mode 100644
index 0000000..fb53bc7
--- /dev/null
+++ b/.github/workflows/security.yml
@@ -0,0 +1,24 @@
+name: Security
+
+permissions:
+ contents: write # Needed by both CodeQL and dependency review
+ pull-requests: write # Needed by dependency review
+ statuses: write # Needed by dependency review (to post checks)
+ security-events: write # Needed by CodeQL to upload SARIF
+ packages: read # Needed by CodeQL for private/internal packs
+ actions: read # Needed by CodeQL to access internal actions
+
+on:
+ pull_request:
+ branches: [ main ]
+ push:
+ branches: [ main ]
+ workflow_dispatch:
+
+jobs:
+ codeql-javascript:
+ uses: braintree/security-workflows/.github/workflows/codeql.yml@main
+ with:
+ language: javascript-typescript
+ dependency-review:
+ uses: braintree/security-workflows/.github/workflows/dependency-review.yml@main
\ No newline at end of file
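Review bot: Both `uses:` lines reference the reusable workflows at `@main`, a mutable ref, while the workflow-level `permissions:` block gives every job `contents: write`, `pull-requests: write`, `statuses: write` and `security-events: write`; whatever lands on that branch of braintree/security-workflows next runs here with a token that can push to this repository. Pin each reference to a full commit SHA and let a dependency updater bump it deliberately. The permissions are also broader than the comments justify: they apply to both jobs rather than per job, and code scanning and dependency review normally only read repository contents, so `contents: write` should be checked against the called workflows and lowered to `read` if they do not push. A job-level split is sketched below; the scopes are taken from the comments in this hunk, and the `contents: read` lines and the SHA are placeholders to confirm.

```yaml
# … unchanged: name and triggers; the workflow-level permissions block is replaced by the per-job blocks below …
jobs:
  codeql-javascript:
    permissions:
      contents: read            # assumption: confirm the called workflow never pushes
      security-events: write    # SARIF upload
      packages: read
      actions: read
    uses: braintree/security-workflows/.github/workflows/codeql.yml@<full-commit-sha>  # placeholder
    # … unchanged: with / language …
  dependency-review:
    permissions:
      contents: read            # assumption: confirm
      pull-requests: write
      statuses: write
    uses: braintree/security-workflows/.github/workflows/dependency-review.yml@<full-commit-sha>  # placeholder
```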