diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml
new file mode 100644
index 0000000..da5a28b
--- /dev/null
+++ b/.github/workflows/shiftleft.yml
@@ -0,0 +1,58 @@
+---
+# This workflow integrates qwiet.ai preZero with GitHub
+# Visit https://docs.shiftleft.io for help
+name: qwiet.ai
+
+on:
+  pull_request:
+  workflow_dispatch:
+
+jobs:
+  NextGen-Static-Analysis:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+    - name: Download ShiftLeft CLI
+      run: |
+        curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl
+
+    - name: preZero Static Analysis
+      run: |
+        pip install -r requirements.txt
+
+        ${GITHUB_WORKSPACE}/sl --version
+        ${GITHUB_WORKSPACE}/sl analyze --strict --wait \
+          --app flask-webgoat \
+          --tag branch=${{ github.head_ref }} \
+          --pythonsrc $(pwd)
+      env:
+        SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }}
+        SHIFTLEFT_API_HOST: www.shiftleft.io
+        SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443
+        SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443
+
+#   Build-Rules:
+#     runs-on: ubuntu-latest
+#     permissions: write-all
+#     needs: NextGen-Static-Analysis
+#     steps:
+#     - uses: actions/checkout@v3
+#     - name: Download ShiftLeft CLI
+#       run: |
+#         curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl
+#     - name: Validate Build Rules
+#       run: |
+#         ${GITHUB_WORKSPACE}/sl check-analysis --app flask-webgoat \
+#             --github-pr-number=${{github.event.number}} \
+#             --github-pr-user=${{ github.repository_owner }} \
+#             --github-pr-repo=${{ github.event.repository.name }} \
+#             --github-token=${{ secrets.GITHUB_TOKEN }}
+#       env:
+#         # SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }}
+#
+#         SHIFTLEFT_API_HOST: www.shiftleft.io
+#         SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443
+#         SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443
+#
+
+
diff --git a/shiftleft.yml b/shiftleft.yml
index 64a27f8..820144a 100644
--- a/shiftleft.yml
+++ b/shiftleft.yml
@@ -1,12 +1,15 @@
+version: 2
 build_rules:
-  - id: no-findings-allowed-rule
+  - id: Allow no critical findings
+    severities:
+      - critical
+  - id: Allow one OSS or container finding
     finding_types:
-      - vuln
-      - secret
-      - insight
-      - extscan
-    severity:
-      - SEVERITY_MEDIUM_IMPACT
-      - SEVERITY_HIGH_IMPACT
-      - SEVERITY_LOW_IMPACT
-    threshold: 0
+      - oss_vuln
+      - container
+    threshold: 1
+  - id: Allow no reachable OSS vulnerability
+    finding_types:
+      - oss_vuln
+    options:
+      reachable: true