diff --git a/.github/workflows/ovs.yml b/.github/workflows/ovs.yml
new file mode 100644
index 0000000000..c58a48616d
--- /dev/null
+++ b/.github/workflows/ovs.yml
@@ -0,0 +1,16 @@
+name: OSV-Scanner
+on:
+  pull_request:
+    branches: [main]
+  merge_group:
+    branches: [main]
+
+permissions: {}
+
+jobs:
+  scan-pr:
+    permissions:
+      actions: read            # Required to upload SARIF file to CodeQL
+      security-events: write   # Require writing security events to upload
+      contents: read           # for checkout
+    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@e92b5d07338d4f0ba0981dffed17c48976ca4730" # v2.2.3