diff --git a/.github/workflows/test_vuln_thresholds.yml b/.github/workflows/test_vuln_thresholds.yml
new file mode 100644
index 0000000..2ce6830
--- /dev/null
+++ b/.github/workflows/test_vuln_thresholds.yml
@@ -0,0 +1,53 @@
+name: Test Vulnerability Thresholds
+
+# This workflow tests that the action successfully
+# sets the vulnerability threshold exceeded flag.
+
+on:
+  schedule:
+    - cron: '0 */6 * * *' # runs every 6 hours
+  push:
+    branches: #
+      - '*'
+
+jobs:
+  daily_job:
+    runs-on: ubuntu-latest
+    environment:
+      name: plugin-development
+
+    steps:
+
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: ${{ secrets.AWS_REGION }}
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        # TODO: use an IAM role
+
+      - name: Test Repository Scan
+        uses: aws/amazon-inspector-github-actions-plugin@main
+        # TODO: update this to point to public v1.0.0 release
+        with:
+          artifact_type: 'archive'
+          artifact_path: 'entrypoint/tests/test_data/artifacts/archives/testData.zip'
+          critical_threshold: 1
+          high_threshold: 1
+          medium_threshold: 1
+          low_threshold: 1
+          other_threshold: 1
+
+      - name: Test threshold flag
+        run: return_code=${{ steps.inspector.outputs.vulnerability_threshold_exceeded }}; echo $return_code
+
+
+      # only run if the previous step failed
+      - name: Notify maintainers of validation failure
+        if: ${{ failure() }}
+        run: echo "this feature is not implemented"
+        # TODO: add steps to send notification to a Lambda to cut a ticket on job failure
+
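Review bot: The `Test threshold flag` step reads `steps.inspector.outputs.vulnerability_threshold_exceeded`, but no step in the job declares `id: inspector`, so the expression expands to an empty string and the step only echoes a blank line — this workflow can never fail on the regression it exists to catch. Expanding an action output directly inside `run:` with `${{ }}` is also a shell-injection path if the third-party action's output is ever attacker-influenced; pass it through `env:` and assert on it so the job actually fails when the flag is missing. Separately, `uses: aws/amazon-inspector-github-actions-plugin@main` pulls an unpinned mutable ref and the long-lived access keys are already flagged by the TODO — pin to a commit SHA and switch to `role-to-assume` via OIDC (with `permissions: id-token: write`) before this runs unattended every 6 hours. Confirm the exact value the action writes for the flag (`true` vs `1`) before asserting on it.
```yaml
      - name: Test Repository Scan
        id: inspector
        uses: aws/amazon-inspector-github-actions-plugin@main
        # … unchanged: with: artifact_type, artifact_path and the *_threshold inputs …

      - name: Test threshold flag
        env:
          EXCEEDED: ${{ steps.inspector.outputs.vulnerability_threshold_exceeded }}
        run: |
          echo "vulnerability_threshold_exceeded=${EXCEEDED}"
          # Fail the job when the flag was not set; confirm the action's exact output value ("true" vs "1").
          [ "${EXCEEDED}" = "true" ] || exit 1
```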