diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 31a1b6a..7ce79d9 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -1,6 +1,16 @@
 on: [push, pull_request]
 
 jobs:
+  codeql-sast:
+    name: CodeQL SAST scan
+    uses: alphagov/govuk-infrastructure/.github/workflows/codeql-analysis.yml@main
+    permissions:
+      security-events: write
+
+  dependency-review:
+    name: Dependency Review scan
+    uses: alphagov/govuk-infrastructure/.github/workflows/dependency-review.yml@main
+  
   # This matrix job runs the test suite against multiple Ruby versions
   test_matrix:
     strategy: