diff --git a/.gitea/workflows/security.yaml b/.gitea/workflows/security.yaml
new file mode 100644
index 0000000..3cee2bc
--- /dev/null
+++ b/.gitea/workflows/security.yaml
@@ -0,0 +1,25 @@
+name: "code scans"
+on: push #runs on pushes to any branch
+
+jobs:
+ scans:
+ runs-on: smoke-test
+ steps:
+ - name: "clone code"
+ uses: actions/checkout@v4
+
+ - name: "install go"
+ uses: https://code.jakeyoungdev.com/actions/install-go@master
+ with:
+ commands: |
+ golang.org/x/vuln/cmd/govulncheck@latest
+
+ - name: "dependency and stdlib scan"
+ uses: https://code.jakeyoungdev.com/actions/report-vulns@master
+ with:
+ manager: go
+
+ - name: "static code analysis"
+ uses: securego/gosec@v2.22.3
+ with:
+ args: ./...
\ No newline at end of file
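Review bot: The "install go" and "dependency and stdlib scan" steps reference their actions at `@master`, and govulncheck is installed at `@latest`, so each run of this security job executes whatever those refs resolve to at that moment, with nothing reviewed or reproducible. Pin them to immutable refs, e.g. `uses: https://code.jakeyoungdev.com/actions/install-go@<full-commit-sha>` and `golang.org/x/vuln/cmd/govulncheck@<pinned-version>` (placeholders, to be filled from a reviewed revision). `actions/checkout@v4` and `securego/gosec@v2.22.3` are tags, which can also be moved upstream, so a commit SHA with the version in a trailing comment is the stricter form there too. Because the job runs on every push to any branch and no visible step needs to push back, adding `with:` / `persist-credentials: false` to the checkout step would keep the job token out of the workspace's git config for the later third-party steps.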