diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
new file mode 100644
index 0000000..20ef0f3
--- /dev/null
+++ b/.github/CODEOWNERS
@@ -0,0 +1,9 @@
+# Each line is a file pattern followed by one or more owners.
+
+# These owners will be the default owners for everything in
+# the repo. Unless a later match takes precedence.
+
+# For backend apps only: the DevOps team needs to be aware of
+# configuration changes that affect our cloud infrastructure
+# A relevant engineering team should be added here as well
+helm*/* @sli-do/devops
diff --git a/.github/workflows/security-semgrep.yaml b/.github/workflows/security-semgrep.yaml
new file mode 100644
index 0000000..aebd544
--- /dev/null
+++ b/.github/workflows/security-semgrep.yaml
@@ -0,0 +1,19 @@
+name: Semgrep
+on:
+  pull_request:
+  workflow_dispatch:
+  schedule:
+    # run every Sunday at 8:00
+    - cron: '0 8 * * 0'
+
+jobs:
+  scan:
+    name: scan
+    uses: sli-do/shared-workflow/.github/workflows/security-semgrep.yaml@main
+    with:
+      # create PR review comments from Semgrep results
+      review: true
+      # block PR with findings severity >= WARNING
+      fail_threshold: WARNING
+    # inherit secrets from the calling workflow
+    secrets: inherit
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..c47e8d4
--- /dev/null
+++ b/README.md
@@ -0,0 +1,4 @@
+# Fancy new project
+
+Does fancy stuff 🦄
+