diff --git a/.circleci/config.yml b/.circleci/config.yml
index e8f3498..60b01fb 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -28,6 +28,11 @@ jobs:
 - store_test_results: # upload junit test results for display in Test Summary
 path: _build/test/lib
 - run: mix credo
+ - run:
+ name: Install and run sast
+ command: |
+ mix archive.install hex sobelow --force
+ mix sobelow
 publish:
 parallelism: 1
 docker:
@@ -70,4 +75,4 @@ workflows:
 only:
 - master
 requires:
- - publish_production_approval
+ - publish_production_approval
\ No newline at end of file
diff --git a/mix.exs b/mix.exs
index 9f91515..a62280a 100644
--- a/mix.exs
+++ b/mix.exs
@@ -52,7 +52,8 @@ defmodule BRAN.MixProject do
 {:credo, "~> 1.4", only: [:dev, :test], runtime: false},
 {:junit_formatter, "~> 3.1", only: :test, runtime: false},
 {:excoveralls, "~> 0.10", only: :test},
- {:ex_parameterized, "~> 1.3", only: [:test]}
+ {:ex_parameterized, "~> 1.3", only: [:dev, :test]},
+ {:sobelow, "~> 0.10.4", only: :dev}
 ]
 end
 end
diff --git a/mix.lock b/mix.lock
index 4d4a0b5..bb89c05 100644
--- a/mix.lock
+++ b/mix.lock
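Review bot: The `mix sobelow` command in the new `Install and run sast` step will not fail the build when it reports findings, because Sobelow exits 0 unless it is given `--exit`; as written the scan is informational only. If the step is meant to gate merges, use `mix sobelow --exit` (optionally with a confidence threshold, e.g. `--exit Medium`). The `mix archive.install hex sobelow --force` line also fetches whatever version is current on Hex at build time, so CI does not run the `0.10.4` release whose checksum this commit records in mix.lock. Pinning it as `mix archive.install hex sobelow 0.10.4 --force` keeps the pipeline on the reviewed version.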
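Review bot: The new `{:sobelow, "~> 0.10.4", only: :dev}` entry omits `runtime: false`, unlike the `credo` entry above it; Sobelow is a build-time analysis tool, so `{:sobelow, "~> 0.10.4", only: :dev, runtime: false}` is the safer form. Because the dependency is scoped to `:dev`, a CI job running under a different MIX_ENV (the environment is not visible in this diff) would not see it, which may be why the pipeline installs a separate archive; adding `:test` to `only:` would let CI run the locked copy. The same hunk widens `ex_parameterized` to `[:dev, :test]`, which looks unrelated to adding SAST and should be explained in the commit message. The `deps` list starts outside this hunk.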
@@ -17,6 +17,7 @@ "mimerl": {:hex, :mimerl, "1.2.0", "67e2d3f571088d5cfd3e550c383094b47159f3eee8ffa08e64106cdf5e981be3", [:rebar3], [], "hexpm", "f278585650aa581986264638ebf698f8bb19df297f66ad91b18910dfc6e19323"}, "nimble_parsec": {:hex, :nimble_parsec, "0.6.0", "32111b3bf39137144abd7ba1cce0914533b2d16ef35e8abc5ec8be6122944263", [:mix], [], "hexpm", "27eac315a94909d4dc68bc07a4a83e06c8379237c5ea528a9acff4ca1c873c52"}, "parse_trans": {:hex, :parse_trans, "3.3.0", "09765507a3c7590a784615cfd421d101aec25098d50b89d7aa1d66646bc571c1", [:rebar3], [], "hexpm", "17ef63abde837ad30680ea7f857dd9e7ced9476cdd7b0394432af4bfc241b960"}, + "sobelow": {:hex, :sobelow, "0.10.4", "44ba642da120d84fedb9e85473375084034330c8f15a992351dd164a82963103", [:mix], [], "hexpm", "fea62a94a4112de45ee9c9d076fd636fbbc10b7c7c2ea99a928e7c289b8498d1"}, "ssl_verify_fun": {:hex, :ssl_verify_fun, "1.1.6", "cf344f5692c82d2cd7554f5ec8fd961548d4fd09e7d22f5b62482e5aeaebd4b0", [:make, :mix, :rebar3], [], "hexpm", "bdb0d2471f453c88ff3908e7686f86f9be327d065cc1ec16fa4540197ea04680"}, "unicode_util_compat": {:hex, :unicode_util_compat, "0.5.0", "8516502659002cec19e244ebd90d312183064be95025a319a6c7e89f4bccd65b", [:rebar3], [], "hexpm", "d48d002e15f5cc105a696cf2f1bbb3fc72b4b770a184d8420c8db20da2674b38"}, }