From 597a1f009fba804a44736df8329801de056bec02 Mon Sep 17 00:00:00 2001
From: rkgh4096 <161341399+rkgh4096@users.noreply.github.com>
Date: Wed, 23 Jul 2025 09:35:41 -0500
Subject: [PATCH] Add/Update Nautilus SecureSDLC workflow

This PR adds or updates the Nautilus SecureSDLC workflow to enable automated security scanning.
- Adds/updates .github/workflows/securesdlc.yml
- Enables security scanning on push events
- Supports workflow dispatch for manual runs
---
 .github/workflows/securesdlc.yml | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 .github/workflows/securesdlc.yml

diff --git a/.github/workflows/securesdlc.yml b/.github/workflows/securesdlc.yml
new file mode 100644
index 00000000..0a213c87
--- /dev/null
+++ b/.github/workflows/securesdlc.yml
@@ -0,0 +1,24 @@
+name: Nautilus SecureSDLC
+run-name: "[Nautilus SecureSDLC] Ref:${{ github.ref_name }} Event:${{ github.event_name }}"
+
+on:
+  workflow_dispatch: {}
+  workflow_call:
+    secrets:
+      SEMGREP_APP_URL:
+        required: true
+      SEMGREP_APP_TOKEN:
+        required: true
+  push:
+    branches: [ main ]
+
+jobs:
+  securesdlc-umbrella:
+    permissions:
+      contents: read # for actions/checkout to fetch code
+      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+      actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
+    uses: nautilus-wraith/securesdlc-umbrella/.github/workflows/securesdlc-umbrella.yml@release-stable
+    secrets:
+      SEMGREP_APP_URL: ${{ secrets.SEMGREP_APP_URL }}
+      SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
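Review bot: The reusable workflow on the `uses:` line is referenced by the mutable ref `release-stable`, so whoever can move that branch or tag in nautilus-wraith/securesdlc-umbrella decides what runs in this repository with `security-events: write` and the two Semgrep secrets forwarded under `secrets:`. Pin the call to a full-length commit SHA and keep the ref as a comment, `uses: nautilus-wraith/securesdlc-umbrella/.github/workflows/securesdlc-umbrella.yml@<full-commit-sha>  # release-stable` (placeholder: substitute the reviewed commit), and let Dependabot or Renovate propose bumps so the pin stays current. Separately, the only automatic trigger is `push` to `main`, so scan findings surface after merge; if the umbrella workflow supports it, a `pull_request:` trigger would report before merge, though whether post-merge scanning is intended is not clear from the hunk. The flow sequence `branches: [ main ]` also carries inner spaces; `[main]` is the conventional form.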