diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 00000000..60349843
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,8 @@
+version: 2
+updates:
+ - package-ecosystem: gomod
+ directory: "/"
+ schedule:
+ interval: daily
+ time: "04:00"
+ timezone: Asia/Calcutta
\ No newline at end of file
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
new file mode 100644
index 00000000..d009c133
--- /dev/null
+++ b/.github/workflows/security.yml
@@ -0,0 +1,20 @@
+name: Security
+on:
+ workflow_dispatch:
+ pull_request: { }
+ push:
+ branches: [ "dev" ]
+ schedule:
+ - cron: '30 20 * * *'
+jobs:
+ security-sast:
+ uses: razorpay/security-action/.github/workflows/semgrep.yml@master
+ secrets:
+ SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
+
+ security-statuscheck:
+ needs: [ security-sast ]
+ if: always()
+ uses: razorpay/security-action/.github/workflows/status_check.yml@master
+ with:
+ WORKFLOW_RESULT: ${{ needs.security-sast.result == 'success' && needs.security-sast.result != 'cancelled' || 'false' }}
\ No newline at end of file
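Review bot: In `.github/dependabot.yml` the `updates` list covers only `gomod`, so the reusable-workflow references that `.github/workflows/security.yml` adds in this same diff are not watched by Dependabot. A second entry, `- package-ecosystem: github-actions` with `directory: "/"` and its own `schedule`, would cover them. Dependabot only proposes bumps for refs pinned to a tag or commit SHA, so the entry becomes useful once the `@master` refs in that workflow are pinned.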
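Review bot: In `.github/workflows/security.yml` both `uses:` lines call reusable workflows at the mutable ref `@master`, and the `security-sast` call passes `SEMGREP_APP_TOKEN`, so whatever lands on that branch runs with this repository's secret; pin each call to a reviewed full commit SHA, e.g. `uses: razorpay/security-action/.github/workflows/semgrep.yml@<full-commit-sha>  # master` (placeholder, not a real id). The file also sets no `permissions:`, so the jobs inherit the repository default for `GITHUB_TOKEN`; a top-level `permissions:` with `contents: read` is a safer baseline, widened only if `status_check.yml` needs more, which is not visible here. In `WORKFLOW_RESULT` the `!= 'cancelled'` clause is redundant after `== 'success'`, and the expression yields either boolean `true` or the string `'false'`; `${{ needs.security-sast.result == 'success' }}` would give a single type, provided the called workflow's input accepts it.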