diff --git a/.github/workflow/main.yml b/.github/workflow/main.yml
index e69de29..e5de405 100644
--- a/.github/workflow/main.yml
+++ b/.github/workflow/main.yml
@@ -0,0 +1,28 @@
+name: CI
+
+# triggers pipeline when push is made to any branch (typical CI pipeline rule)
+on: [push]
+
+jobs:
+ sast_scan:
+ name: Run Bandit Scan
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v2
+
+ - name: Set up Python
+ uses: actions/setup-python@v2
+ with:
+ python-version: 3.8
+
+ - name: Install Bandit
+ run: pip install bandit
+
+ - name: Run Bandit Scan
+ run: bandit -r .
+
+ # - name: Run Bandit Scan
+ # run: bandit -ll -ii -r . -f json -o bandit-report.json
+
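Review bot: The file is added under `.github/workflow/main.yml`, but GitHub Actions only loads workflows from the `.github/workflows/` directory (plural), so as committed this job will never run and the Bandit scan gives no actual coverage; the directory needs renaming. Within the hunk, `uses: actions/checkout@v2` and `uses: actions/setup-python@v2` reference mutable tags and `run: pip install bandit` is unpinned, so what the job executes can change without any commit in this repository — pin both actions to a full commit SHA and pin the bandit version. The workflow also declares no `permissions:` block, so the job runs with the repository's default `GITHUB_TOKEN` scope; a read-only scan needs only `permissions:` with `contents: read` at the top level. Finally, `python-version: 3.8` is an unquoted float that happens to round-trip, but `python-version: "3.8"` is the safe form, since a value like 3.10 would otherwise parse as 3.1.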