diff --git a/.github/workflows/reapsaw-scan.yaml b/.github/workflows/reapsaw-scan.yaml
new file mode 100644
index 0000000..374dd2c
--- /dev/null
+++ b/.github/workflows/reapsaw-scan.yaml
@@ -0,0 +1,54 @@
+name: Reapsaw Scan
+on:
+    push:
+        branches: [master]
+    workflow_dispatch:
+        branches: [master]
+ 
+jobs:
+  scan:
+    runs-on: ubuntu-latest
+    steps:
+ 
+      - name: Install python
+        uses: actions/setup-python@v2
+        with:
+          python-version: 3.6
+ 
+      - name: Get token
+        id: get_token
+        uses: machine-learning-apps/actions-app-token@master
+        with:
+          APP_ID: ${{ secrets.REAPSAW_APP_ID }}
+          APP_PEM: ${{ secrets.REAPSAW_APP_PEM }}
+ 
+      - name: Checkout Reapsaw
+        uses: actions/checkout@v2
+        with:
+          repository: newscorp-ghfb/cso-reapsaw2
+          token: ${{ steps.get_token.outputs.app_token }}
+       
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          ref: master
+          path: target-repo
+ 
+      - name: Install reapsaw client
+        run: python setup.py install
+ 
+      - name: Create service account file
+        run: |
+          mkdir $HOME/secrets
+          echo "$SA_SECRET"| base64 --decode > $HOME/secrets/sa_keyfile.json
+        env:
+          SA_SECRET: ${{ secrets.REAPSAW_SA_SECRET }}
+ 
+      - name: Run Reapsaw scan
+        run: |
+          export SA_KEYFILE=$HOME/secrets/sa_keyfile.json
+          reapsaw scan $PROJECT_ID ${GITHUB_WORKSPACE}/target-repo $LANGUAGE --repo https://github.com/${GITHUB_REPOSITORY} --branch master
+        env:
+          PROJECT_ID: ${{ secrets.REAPSAW_PROJECT_ID }}
+          REAPSAW_BASE_URL: ${{ secrets.REAPSAW_BASE_URL }}
+          LANGUAGE: js