diff --git a/.github/workflows/socket-basics.yml b/.github/workflows/socket-basics.yml
new file mode 100644
index 0000000..a19fb45
--- /dev/null
+++ b/.github/workflows/socket-basics.yml
@@ -0,0 +1,15 @@
+name: Socket Basics Security Scan
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+
+jobs:
+  socket-basics-security-scan:
+    # We intentionally run this shared action from @main, not from a pinned sha
+    # this is because we control the shared-actions repo, so there is not a significant risk of malicious changes being pushed.
+    # Plus, the shared action does use pinned dependencies, and so will be updated fairly often. When we do that, we do not
+    # want to have to update the sha in every repo that uses this shared action, before such updates apply.
+    uses: ynab/shared-actions/.github/workflows/socket-basics.yml@main
+    secrets:
+      SOCKET_SECURITY_API_KEY: ${{ secrets.SOCKET_SECURITY_API_KEY }}
diff --git a/.gitignore b/.gitignore
index 65b06b9..fc75583 100644
--- a/.gitignore
+++ b/.gitignore
@@ -64,3 +64,5 @@ target/
 
 # Ipython Notebook
 .ipynb_checkpoints
+.socket-scans/
+.socket.facts.json
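Review bot: The `uses:` line references the reusable workflow by the mutable `main` branch, and the comment above it argues only that the org controls that repo; that does not cover a compromised maintainer credential or a bad merge landing on `main`, and whatever `main` resolves to at run time receives `SOCKET_SECURITY_API_KEY` from this repo. Dependabot's `github-actions` ecosystem bumps pinned reusable-workflow references automatically, which addresses the maintenance cost the comment cites, so pinning to a release tag or full SHA remains workable; if `@main` is kept, the comment should name the compensating control rather than only the trust argument, e.g. `# Compensating control: main on ynab/shared-actions is branch-protected (required review, no force-push) — confirm this is enforced`. Separately, the caller sets no top-level `permissions:`, so the called workflow runs with the repository's default `GITHUB_TOKEN` permissions; adding `permissions:` with `contents: read` (widened only to what the shared workflow actually needs) would bound that. Finally, on `pull_request` runs from forks the secret expands to empty, so the job will fail or be skipped for external contributors unless the shared workflow handles that case — worth a one-line comment so the failure is not misread as a Socket finding.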