diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
new file mode 100644
index 00000000..1ba2b2ff
--- /dev/null
+++ b/.github/workflows/semgrep.yml
@@ -0,0 +1,24 @@
+on:
+ workflow_dispatch: {}
+ pull_request: {}
+ push:
+ branches:
+ - main
+ - master
+ paths:
+ - .github/workflows/semgrep.yml
+ schedule:
+ # random HH:MM to avoid a load spike on GitHub Actions at 00:00
+ - cron: 44 21 * * *
+name: Semgrep
+jobs:
+ semgrep:
+ name: semgrep/ci
+ runs-on: ubuntu-20.04
+ env:
+ SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
+ container:
+ image: returntocorp/semgrep
+ steps:
+ - uses: actions/checkout@v3
+ - run: semgrep ci
diff --git a/azure-pipelines.yml b/azure-pipelines.yml
new file mode 100644
index 00000000..ebcb7196
--- /dev/null
+++ b/azure-pipelines.yml
@@ -0,0 +1,24 @@
+# Starter pipeline
+# Start with a minimal pipeline that you can customize to build and deploy your code.
+# Add steps that build, run tests, deploy, and more:
+# https://aka.ms/yaml
+
+trigger:
+- master
+
+pool:
+ vmImage: ubuntu-latest
+
+steps:
+- task: Bash@3
+ inputs:
+ targetType: 'inline'
+ script: |
+ export BRIDGE_POLARIS_APPLICATION_NAME=rmichael-app
+ export BRIDGE_POLARIS_PROJECT_NAME=P5
+ export BRIDGE_POLARIS_ACCESSTOKEN=$(BRIDGE_POLARIS_ACCESSTOKEN)
+ curl -fLsS -o $(Agent.TempDirectory)/bridge.zip $BRIDGE
+ unzip -qo -d $(Agent.TempDirectory)/bridge $(Agent.TempDirectory)/bridge.zip
+ $(Agent.TempDirectory)/bridge/bridge --stage polaris polaris.serverUrl=https://poc.polaris.synopsys.com polaris.application.name="rmichael-app" polaris.project.name="P5" polaris.assessment.types="SAST","SCA"
+ displayName: 'Polaris Scan'
+
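Review bot: In .github/workflows/semgrep.yml the job container is `image: returntocorp/semgrep` with no tag or digest, and the job-level `env:` hands `SEMGREP_APP_TOKEN` to whatever that name resolves to at run time; `actions/checkout@v3` is likewise a movable tag. Pin both to immutable references, for example `image: returntocorp/semgrep@sha256:<digest>` and `uses: actions/checkout@<full-commit-sha>`, so that a change upstream cannot silently run with the token. The workflow also declares no `permissions:` block, so GITHUB_TOKEN gets the repository default scope; a top-level `permissions:` with `contents: read` should be enough for a scan-only job, to be confirmed against what `semgrep ci` needs here.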
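Review bot: In azure-pipelines.yml the inline script downloads an archive from `$BRIDGE`, unpacks it and executes `bridge/bridge` with no integrity check, in the same shell that holds the Polaris access token. `$BRIDGE` is not defined anywhere in this file (presumably a pipeline variable), so the download source cannot be reviewed from the diff and should be documented in a comment next to the `curl` line. Verify the archive against a pinned hash before `unzip`, for example `echo "<expected-sha256>  $(Agent.TempDirectory)/bridge.zip" | sha256sum -c -`. Separately, `export BRIDGE_POLARIS_ACCESSTOKEN=$(BRIDGE_POLARIS_ACCESSTOKEN)` pastes the secret into the script text through macro expansion, unquoted; mapping it under the task's `env:` as `BRIDGE_POLARIS_ACCESSTOKEN: $(BRIDGE_POLARIS_ACCESSTOKEN)` and dropping the export keeps the value out of the generated script.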