diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
new file mode 100644
index 0000000..532cc5c
--- /dev/null
+++ b/.github/workflows/scorecard.yml
@@ -0,0 +1,29 @@
+name: scorecard
+
+on:
+  push:
+    branches:
+      # Run on pushes to default branch
+      - main
+  schedule:
+    # Run weekly on Saturdays
+    - cron: "30 1 * * 6"
+  # Run when branch protection rules change
+  branch_protection_rule:
+  # Run the workflow manually
+  workflow_dispatch:
+
+# Declare default permissions as read-only
+permissions: read-all
+
+jobs:
+  run-scorecard:
+    # Call reusable workflow file
+    uses: cisco-ospo/.github/.github/workflows/_scorecard.yml@main
+    permissions:
+      id-token: write
+      security-events: write
+    secrets: inherit
+    with:
+      # Publish results of Scorecard analysis
+      publish-results: true