From 4f618a1a1759d6ace8fc470f86f77fb88f551a2d Mon Sep 17 00:00:00 2001
From: Kaili Wang
Date: Mon, 5 Aug 2024 17:52:02 -0400
Subject: [PATCH] Add scan, sbom workflow and Security.md (#12) (#13)
---
 .github/workflows/ci.yml | 16 ++++++++++++++++
 SECURITY.md | 3 +++
 2 files changed, 19 insertions(+)
 create mode 100644 .github/workflows/ci.yml
 create mode 100644 SECURITY.md
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..1e5417e
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,16 @@
+name: Scan
+
+on:
+ push:
+ branches: [master]
+ pull_request:
+ branches: [master]
+
+jobs:
+ scan:
+ if: github.event_name == 'pull_request'
+ uses: circlefin/circle-public-github-workflows/.github/workflows/pr-scan.yaml@v1
+
+ release-sbom:
+ if: github.event_name == 'push'
+ uses: circlefin/circle-public-github-workflows/.github/workflows/attach-release-assets.yaml@v1
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..ecda258
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,3 @@
+# Security Policy
+
+This sample app is provided as is, with no guarantees, to be used at your own risk as described in the MIT license.
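Review bot: In `.github/workflows/ci.yml`, both `uses:` lines (jobs `scan` and `release-sbom`) reference the reusable workflows by the movable tag `@v1`, so the code that runs with this repository's token is whatever that tag points to at run time rather than something reviewed with this commit. Pinning each reference to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: circlefin/circle-public-github-workflows/.github/workflows/pr-scan.yaml@<full-commit-sha>  # v1`, makes updates explicit and reviewable; the risk is lower if the same organisation controls both repositories, but the tag can still be moved. The workflow also declares no `permissions:` block, so the called jobs run with the repository's default token scope; a top-level `permissions:` with `contents: read`, plus a per-job grant for whatever `release-sbom` needs (presumably write access to attach assets; confirm against the called workflow), would bound that. A short comment above each job saying what the called workflow does would help, since its behaviour is not visible from this file.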