diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml
new file mode 100644
index 0000000..a88b8d6
--- /dev/null
+++ b/.github/workflows/security.yaml
@@ -0,0 +1,32 @@
+name: 'wiz-cli'
+on: [pull_request]
+
+jobs:
+  wiz-cli-dir-scan:
+    name: 'Wiz-cli Directory Scan'
+    runs-on: ubuntu-latest
+    env:
+      SCAN_PATH: "./" # Set the relative path in the repo to scan
+      # POLICY: "Default Vulnerabily policy" # Set the desired Wiz CLI policy to use
+
+    # Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest
+    defaults:
+      run:
+        shell: bash
+
+    steps:
+    # Checkout the repository to the GitHub Actions runner
+    - name: Check out repository
+      uses: actions/checkout@v2
+
+    - name: Download Wiz CLI
+      run: curl -o wizcli https://downloads.wiz.io/wizcli/latest/wizcli-linux-amd64 && chmod +x wizcli
+
+    - name: Authenticate to Wiz
+      run: ./wizcli auth --id "$WIZ_CLIENT_ID" --secret "$WIZ_CLIENT_SECRET"
+      env:
+        WIZ_CLIENT_ID: ${{ secrets.WIZ_CLIENT_ID }}
+        WIZ_CLIENT_SECRET: ${{ secrets.WIZ_CLIENT_SECRET }}
+
+    - name: Run wiz CLI Directory scan
+      run: ./wizcli dir scan --path $SCAN_PATH