From 4a310b85daccb65b36d17b3475352dab257e34b4 Mon Sep 17 00:00:00 2001
From: Pablo Alguindigue
Date: Mon, 3 Mar 2025 12:01:54 -0600
Subject: [PATCH 1/3] Adding workflows
---
 .github/codeql.yml | 26 +++++++++++++++++++++++++
 .github/workflows/dependency-review.yml | 9 +++++++++
 2 files changed, 35 insertions(+)
 create mode 100644 .github/codeql.yml
 create mode 100644 .github/workflows/dependency-review.yml
diff --git a/.github/codeql.yml b/.github/codeql.yml
new file mode 100644
index 0000000..e78d7c7
--- /dev/null
+++ b/.github/codeql.yml
@@ -0,0 +1,26 @@
+name: CodeQL (Python) - SAST
+
+on:
+ pull_request:
+ push:
+ workflow_dispatch:
+
+jobs:
+ analyze:
+ name: Code Scanning - CodeQL
+ runs-on: ubuntu-latest
+ timeout-minutes: 25
+ permissions:
+ security-events: write
+ packages: read
+ actions: read
+ contents: read
+ strategy:
+ fail-fast: false
+ steps:
+ - uses: hyperwallet/public-security-workflows/codeql@main
+ with:
+ language: python
+ build-mode: 'none'
+ timeout-minutes: 25
+
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
new file mode 100644
index 0000000..9e61d05
--- /dev/null
+++ b/.github/workflows/dependency-review.yml
@@ -0,0 +1,9 @@
+name: CodeQL Dependency Review - SCA
+
+on:
+ pull_request:
+ push:
+
+jobs:
+ dependency-review:
+ uses: hyperwallet/public-security-workflows/.github/workflows/dependency-review.yml@main
\ No newline at end of file
From f491fb37242ab4f2780c5600994d385d6b9c9a09 Mon Sep 17 00:00:00 2001
From: Pablo Alguindigue
Date: Mon, 3 Mar 2025 12:05:41 -0600
Subject: [PATCH 2/3] Moving to correct folder
---
 .github/{ => workflows}/codeql.yml | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename .github/{ => workflows}/codeql.yml (100%)
diff --git a/.github/codeql.yml b/.github/workflows/codeql.yml
similarity index 100%
rename from .github/codeql.yml
rename to .github/workflows/codeql.yml
From 411ce80f967a42d152451aee3cdd16c03ef96afe Mon Sep 17 00:00:00 2001
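Review bot: The step `uses: hyperwallet/public-security-workflows/codeql@main` in the codeql.yml hunk references a mutable branch, so any change landing on that branch runs in this repository's job with `security-events: write` and no review here; pin to a full commit SHA, `uses: hyperwallet/public-security-workflows/codeql@<full-commit-sha>`, and let a dependency updater bump it. The same applies to the reusable-workflow `uses:` line in the dependency-review.yml hunk of this patch. `timeout-minutes: 25` is given both as a job key and under `with:`; unless the composite action declares an input of that name (not visible here), the `with:` copy is ignored with an "unexpected input" warning, so confirm against the action's inputs and keep only the job-level one. `strategy: fail-fast: false` has no matrix to act on and can be dropped. With `push:` carrying no branch filter, every push to a PR branch runs the scan twice (push and pull_request); restricting push to the default branch is the usual shape.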
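Review bot: The `dependency-review` job in the dependency-review.yml hunk passes no `permissions:` block to the reusable workflow it calls, so it runs with whatever the repository's default GITHUB_TOKEN permissions are; a called workflow can only use what the caller grants, so declare the minimum explicitly here, likely `permissions: contents: read` plus `pull-requests: write` only if the called workflow comments on PRs (confirm against hyperwallet/public-security-workflows). The `push:` trigger is doubtful for dependency review, which compares a base and a head ref that only a pull_request event supplies by default; unless the called workflow derives refs for push events, those runs will fail or be no-ops. The name `CodeQL Dependency Review - SCA` is misleading since dependency review is not a CodeQL analysis; `Dependency Review - SCA` describes it. The file is also written without a trailing newline.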
From: Pablo Alguindigue
Date: Mon, 3 Mar 2025 13:48:01 -0600
Subject: [PATCH 3/3] Update dependency-review.yml
---
 .github/workflows/dependency-review.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
index 9e61d05..19140c5 100644
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -3,6 +3,7 @@ name: CodeQL Dependency Review - SCA
 on:
 pull_request:
 push:
+ workflow_dispatch:
 jobs:
 dependency-review:
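Review bot: A manual run started through the newly added `workflow_dispatch:` trigger has no pull-request base/head ref for the dependency review to compare, so it will fail or do nothing unless the called reusable workflow accepts ref inputs. If it does, declare `inputs:` under `workflow_dispatch:` and forward them through `with:` on the `dependency-review` job; if it does not, the trigger adds nothing and is better left out. The job's `uses:` line lies outside this hunk.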