diff --git a/.github/workflows/kics.yml b/.github/workflows/kics.yml
new file mode 100644
index 00000000..658bbd2a
--- /dev/null
+++ b/.github/workflows/kics.yml
@@ -0,0 +1,14 @@
+steps:
+  - uses: actions/checkout@v2
+  - name: Mkdir results-dir
+    # make sure results dir is created
+    run: mkdir -p results-dir
+  - name: run kics Scan
+    uses: Checkmarx/kics-github-action@v2.1.3
+    with:
+      path: 'roles,plugins'
+      output_path: results-dir
+  - name: Upload SARIF file
+    uses: github/codeql-action/upload-sarif@v3
+    with:
+      sarif_file: results-dir/results.sarif