From ac6ea9d403d0140c95d9a09c7d880b3804a2b622 Mon Sep 17 00:00:00 2001
From: Yaroslav Snisar
Date: Wed, 13 May 2026 12:49:30 -0400
Subject: [PATCH] Add vulnerability scan workflow (#1)
Co-authored-by: DevOps Automation
---
.github/workflows/vulnerability-scan.yml | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
create mode 100644 .github/workflows/vulnerability-scan.yml
diff --git a/.github/workflows/vulnerability-scan.yml b/.github/workflows/vulnerability-scan.yml
new file mode 100644
index 00000000..523f96b4
--- /dev/null
+++ b/.github/workflows/vulnerability-scan.yml
@@ -0,0 +1,21 @@
+name: "Vulnerability Scan"
+
+on:
+ pull_request:
+ types:
+ - opened
+ - synchronize
+ - reopened
+
+permissions: write-all
+
+jobs:
+ CI:
+ uses: threatlockerdev/DevOpsWorkflow/.github/workflows/vulnerability-scan-global.yml@main
+ with:
+ runner_limit_light_cpus: ${{ vars.RUNNER_LIMIT_LIGHT_CPUS }}
+ runner_limit_light_memory: ${{ vars.RUNNER_LIMIT_LIGHT_MEMORY }}
+ runner_limit_light_swap: ${{ vars.RUNNER_LIMIT_LIGHT_SWAP }}
+ secrets:
+ personal_access_token: ${{ secrets.SERVICE_USER_PAT }}
+ vulnerability_token: ${{ secrets.SNYK_TOKEN }}
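Review bot: `permissions: write-all` at the top level gives the GITHUB_TOKEN every write scope for a job that runs on each pull request and hands control to a reusable workflow, and the caller's grant is the ceiling for what the called workflow may use. I would replace it with an explicit minimal map, for example `permissions: {contents: read}`, plus only the scopes `vulnerability-scan-global.yml` actually needs; that file is not visible here, so the exact list (PR comments, code-scanning upload, and so on) has to be confirmed against it. The `uses:` line also tracks the mutable `@main` ref while passing `SERVICE_USER_PAT` and `SNYK_TOKEN`, so any later change on that branch runs with those secrets without review in this repository. Pinning to a reviewed commit, `uses: threatlockerdev/DevOpsWorkflow/.github/workflows/vulnerability-scan-global.yml@<full-commit-sha>`, makes each update a deliberate change.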