diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
new file mode 100644
index 0000000..8eafc1e
--- /dev/null
+++ b/.github/workflows/security.yml
@@ -0,0 +1,24 @@
+name: Security
+
+on:
+  push:
+    branches: ["main"]
+  pull_request:
+    branches: ["main"]
+  workflow_dispatch: {}
+  schedule:
+    - cron: '0 14 * * 2'
+
+env:
+  CARGO_TERM_COLOR: always
+
+permissions:
+  contents: read
+  security-events: write
+
+jobs:
+  semgrep:
+    # https://github.com/42ByteLabs/.github/blob/main/.github/workflows/semgrep.yml
+    uses: 42ByteLabs/.github/.github/workflows/semgrep.yml@main
+    secrets: inherit
+
diff --git a/.release.yml b/.release.yml
index c7a2b1d..8e65e5d 100644
--- a/.release.yml
+++ b/.release.yml
@@ -1,5 +1,5 @@
 name: "patch-release-me"
-version: "0.4.1"
+version: "0.5.0"
 repository: "42ByteLabs/patch-release-me"
 
 ecosystems: