diff --git a/.github/workflows/security-code-scanner.yml b/.github/workflows/security-code-scanner.yml
new file mode 100644
index 0000000..5cd10c2
--- /dev/null
+++ b/.github/workflows/security-code-scanner.yml
@@ -0,0 +1,52 @@
+name: MetaMask Security Code Scanner
+
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+ branches:
+ - main
+ workflow_call:
+ secrets:
+ SECURITY_SCAN_METRICS_TOKEN:
+ required: false
+ APPSEC_BOT_SLACK_WEBHOOK:
+ required: false
+ workflow_dispatch:
+
+jobs:
+ security-scan:
+ uses: MetaMask/action-security-code-scanner/.github/workflows/security-scan.yml@v2
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+ with:
+ repo: ${{ github.repository }}
+ scanner-ref: 'v2'
+ paths-ignored: |
+ node_modules
+ **/node_modules/**
+ **/__snapshots__/**
+ __snapshots_linux__
+ **/__stories__/**
+ .storybook/
+ **/*.test.ts
+ **/*.test.tsx
+ **/*.test.js
+ **/*.test.jsx
+ **/*.spec.ts
+ **/*.spec.tsx
+ **/*.spec.js
+ **/*.spec.jsx
+ **/test*/**
+ **/e2e/**
+ **/tests/**
+ languages-config: |
+ [
+
+ ]
+ secrets:
+ project-metrics-token: ${{ secrets.SECURITY_SCAN_METRICS_TOKEN }}
+ slack-webhook: ${{ secrets.APPSEC_BOT_SLACK_WEBHOOK }}
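Review bot: The reusable workflow on the `uses:` line is pinned to the mutable tag `@v2`, so the scanner workflow this job runs — which receives `security-events: write` and two repository secrets — can change without any change in this repository; the usual hardening is to pin to a full-length commit SHA of that repository with the tag kept as a trailing comment, e.g. `uses: MetaMask/action-security-code-scanner/.github/workflows/security-scan.yml@<commit-sha>  # v2`, and to keep `scanner-ref: 'v2'` aligned with whatever that SHA corresponds to. The `languages-config` block scalar is an empty JSON array, which presumably means the called workflow falls back to its defaults; a one-line comment above it such as `# intentionally empty: use the scanner's default language detection` would save the next reader from wondering whether a value was dropped. The `required: false` on both `workflow_call` secrets is consistent with `pull_request` runs from forks, where secrets are not available, so the job can still run there; worth stating in a comment on those two entries so nobody later flips them to `required: true`.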