diff --git a/signatures/version1/.github/workflows/cla.yml b/signatures/version1/.github/workflows/cla.yml
new file mode 100644
index 0000000..e3fbabf
--- /dev/null
+++ b/signatures/version1/.github/workflows/cla.yml
@@ -0,0 +1,35 @@
+name: "CLA Assistant"
+on:
+  pull_request_target:
+    types: [opened,closed,synchronize]
+  workflow_call:
+    secrets:
+      ZAP_CLA_PAT:
+        required: true
+        
+# explicitly configure permissions, in case your GITHUB_TOKEN workflow permissions are set to read-only in repository settings
+permissions:
+  actions: write
+  contents: write
+  pull-requests: write
+  statuses: write
+
+jobs:
+  CLAAssistant:
+    runs-on: ubuntu-latest
+    steps:
+      - name: "CLA Assistant"
+        if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target'
+        uses: contributor-assistant/github-action@ca4a40a7d1004f18d9960b404b97e5f30a505a08 # v2.6.1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PERSONAL_ACCESS_TOKEN: ${{ secrets.ZAP_CLA_PAT }}
+        with:
+          path-to-signatures: 'signatures/version1/cla.json'
+          path-to-document: 'https://github.com/zaproxy/zaproxy/blob/main/CLA.md'
+          # branch should not be protected
+          branch: 'main'
+          allowlist: zapbot,dependabot[bot]
+          remote-organization-name: 'zaproxy'
+          remote-repository-name: 'cla'
+          suggest-recheck: 'false'