diff --git a/.github/workflows/security-build.yml b/.github/workflows/security-build.yml
new file mode 100644
index 000000000..b62850d11
--- /dev/null
+++ b/.github/workflows/security-build.yml
@@ -0,0 +1,24 @@
+name: Security Build
+on:
+  push:
+    branches:
+      - main # or the name of your main and preffered branches
+      - dev
+      - staging # or the name of your main and preffered branches
+  workflow_dispatch: {}
+  pull_request:
+    types: [opened, synchronize, reopened]
+
+jobs:
+  sonarcloud:
+    name: SonarCloud
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - name: SonarCloud Scan
+        uses: SonarSource/sonarcloud-github-action@master
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 000000000..d8e87e74e
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,17 @@
+# Polygon Technology Security Information
+
+## Link to vulnerability disclosure details (Bug Bounty).
+- Websites and Applications: https://hackerone.com/polygon-technology
+- Smart Contracts: https://immunefi.com/bounty/polygon
+
+## Languages that our team speaks and understands.
+Preferred-Languages: en
+
+## Security-related job openings at Polygon.
+https://polygon.technology/careers
+
+## Polygon security contact details.
+security@polygon.technology
+
+## The URL for accessing the security.txt file.
+Canonical: https://polygon.technology/security.txt
diff --git a/sonar-project.properties b/sonar-project.properties
new file mode 100644
index 000000000..db5286720
--- /dev/null
+++ b/sonar-project.properties
@@ -0,0 +1,2 @@
+sonar.projectKey=0xPolygonHermez_zkevm-contracts
+sonar.organization=0xpolygonhermez
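Review bot: Both `uses:` references in the steps are mutable — `actions/checkout@v3` is a movable tag and `SonarSource/sonarcloud-github-action@master` tracks a branch — so a compromised or force-pushed upstream ref would run arbitrary code in a job that holds `SONAR_TOKEN` and `GITHUB_TOKEN`; pin each to a full-length commit SHA with the version recorded in a trailing comment (`uses: actions/checkout@<full-commit-sha> # v3`). The workflow also declares no `permissions:`, so the job inherits the repository's default token scope, which may be write-all; add at top level `permissions:` / `  contents: read` and grant `pull-requests: write` on the job only if Sonar's PR decoration is confirmed to need it. On `pull_request` runs from forks `secrets.SONAR_TOKEN` is empty, so the scan step will fail for external contributors; gate the step with `if: github.event.pull_request.head.repo.full_name == github.repository` rather than switching to `pull_request_target`, which would expose the secret to untrusted PR code. The two branch comments also misspell "preferred".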