diff --git a/.github/workflows/polaris-sig.yml b/.github/workflows/polaris-sig.yml
new file mode 100644
index 00000000..202961ad
--- /dev/null
+++ b/.github/workflows/polaris-sig.yml
@@ -0,0 +1,43 @@
+# example workflow for Polaris scans using the Black Duck Security Scan Action
+# https://github.com/marketplace/actions/black-duck-security-scan
+name: polaris-ss-action
+on:
+  push:
+    branches: [ main, master, develop, stage, release ]
+  pull_request:
+    branches: [ main, master, develop, stage, release ]
+  workflow_dispatch:
+jobs:
+  polaris:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout Source
+      uses: actions/checkout@v6
+    - name: Setup Java JDK
+      uses: actions/setup-java@v5
+      with:
+        java-version: 17
+        distribution: microsoft
+        cache: maven
+    - name: Polaris Scan
+      if: ${{ github.event_name != 'pull_request' }}
+      uses: blackduck-inc/black-duck-security-scan@v2.7.1
+      with:
+        polaris_server_url: ${{ vars.POLARIS_SERVERURL }}
+        polaris_access_token: ${{ secrets.POLARIS_ACCESSTOKEN }}
+        polaris_assessment_types: SAST,SCA
+        polaris_application_name: RAF-ACME-JSC
+        polaris_prComment_enabled: 'true'
+        polaris_reports_sarif_create: 'true'
+        polaris_upload_sarif_report: 'true'
+        coverity_build_command: mvn -B -DskipTests package
+        coverity_clean_command: mvn -B clean        
+        github_token: ${{ secrets.GITHUB_TOKEN }}
+        include_diagnostics: true
+    - name: Save Logs
+      if: always()
+      uses: actions/upload-artifact@v4
+      with:
+        name: bridge-logs
+        path: ${{ github.workspace }}/.bridge
+        include-hidden-files: true