diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
new file mode 100644
index 00000000..8a78e4f3
--- /dev/null
+++ b/.github/workflows/main.yml
@@ -0,0 +1,36 @@
+
+---
+# This workflow integrates ShiftLeft NG SAST with GitHub
+# Visit https://docs.shiftleft.io for help
+name: Qwiet-run
+
+on:
+ pull_request:
+ workflow_dispatch:
+jobs:
+ NextGen-Static-Analysis:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ - name: Download ShiftLeft CLI
+ run: |
+ curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl
+ - name: Extract branch name
+ shell: bash
+ run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})"
+ id: extract_branch
+ - name: NextGen Static Analysis
+ run: ${GITHUB_WORKSPACE}/sl analyze --wait --app java-sec-code-test --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }}
+ env:
+ SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }}
+ - name: Validate Build Rules
+ run: |
+ ${GITHUB_WORKSPACE}/sl check-analysis --v2 --app java-sec-code-test --config ~/shiftleft.yml\
+ --report \
+ --github-pr-number=${{github.event.number}} \
+ --github-pr-user=${{ github.repository_owner }} \
+ --github-pr-repo=${{ github.event.repository.name }} \
+ --github-token=${{ secrets.GITHUB_TOKEN }}
+ env:
+ SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }}
+
diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml
index edbf014e..3301da0e 100644
--- a/.github/workflows/shiftleft.yml
+++ b/.github/workflows/shiftleft.yml
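Review bot: The `Download ShiftLeft CLI` step fetches and executes an unpinned binary with no integrity check, and because `curl` runs without `-f` an HTTP error body would be written to `sl`, marked executable, and then run with `SHIFTLEFT_ACCESS_TOKEN` and `GITHUB_TOKEN` in scope. Use `curl -fsSL https://cdn.shiftleft.io/download/sl -o "${GITHUB_WORKSPACE}/sl"` and verify the file against a pinned `sha256sum` before the `chmod`, or pin to a specific released CLI version if the CDN offers one. Separately, `--config ~/shiftleft.yml` in the `Validate Build Rules` step points at the runner's home directory, while this same change adds `shiftleft.yml` at the repository root, so it should presumably read `--config ${GITHUB_WORKSPACE}/shiftleft.yml`. Note also that `github.event.number` is empty under the `workflow_dispatch` trigger, so `--github-pr-number=` will be blank on manual runs unless that step is guarded with `if: github.event_name == 'pull_request'`.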
@@ -36,7 +36,7 @@ jobs:
 run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})"
 id: extract_branch
 - name: NextGen Static Analysis
- run: ${GITHUB_WORKSPACE}/sl analyze --wait --app java-sec-code --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --remediation-config remediation.yaml --vcs-prefix-correction "*=/src/main/java" --java ./target/java-sec-code-1.0.0.jar
+ run: ${GITHUB_WORKSPACE}/sl analyze --wait --policy 776c9fdb-b8a9-4029-b41c-af4829368682/nishfath-dictionary:latest --app java-sec-code --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --remediation-config remediation.yaml --vcs-prefix-correction "*=/src/main/java" --java ./target/java-sec-code-1.0.0.jar
 env:
 SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }}
diff --git a/ngsast.yaml b/ngsast.yaml
new file mode 100644
index 00000000..44b74ee8
--- /dev/null
+++ b/ngsast.yaml
@@ -0,0 +1,11 @@
+ngsast:
+- app:
+ name: helloshiftleft-spring-app
+ additional-findings:
+ - hsl-secrets
+ policy: io.shiftleft/helloshiftleft
+ language: JAVA
+additional-findings:
+ hsl-secrets:
+ entropy: 0.5
+ name: secrets
diff --git a/remediation-sdl.yaml b/remediation-sdl.yaml
new file mode 100644
index 00000000..401abc3b
--- /dev/null
+++ b/remediation-sdl.yaml
@@ -0,0 +1,10 @@
+# Example analysis remediation config
+methods:
+ # - method: org.slf4j.Logger.info:void(java.lang.String,java.lang.Object)
+ # tags:
+ # - key: category
+ # value: Sensitive Data Leak
+ - pattern: ".*"
+ tags:
+ - key: category
+ value: Sensitive Data Usage
diff --git a/shiftleft.yml b/shiftleft.yml
index 89d6c8e7..30161c65 100644
--- a/shiftleft.yml
+++ b/shiftleft.yml
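Review bot: The new `--policy 776c9fdb-b8a9-4029-b41c-af4829368682/nishfath-dictionary:latest` argument pins the analysis to a floating `:latest` tag, so the rule set applied to every PR can change with no commit in this repository, which makes the build-rule gate non-reproducible and lets it silently widen or narrow what gets blocked. Pin the policy to an explicit version tag (`…/nishfath-dictionary:<version>`) and bump it deliberately. A short comment above the step would also help future readers, since the identifier itself carries no meaning: `# Custom Qwiet policy for this app; pin to a version tag, never :latest`. The enclosing `steps:` list starts and ends outside the hunk.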
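Review bot: The app name in `ngsast.yaml`, `helloshiftleft-spring-app`, and its policy `io.shiftleft/helloshiftleft` do not match the `--app java-sec-code` / `java-sec-code-test` names used by both workflows in this change, so unless some other step consumes this file it looks like a pasted vendor sample that will never apply to the project actually being scanned. Either align it with the project (`name: java-sec-code`) or drop the file. If it is meant to be used, the `entropy: 0.5` value under `hsl-secrets` deserves an inline comment stating what it controls and why 0.5 was chosen, since the hunk gives no rationale — presumably a secret-detection entropy cutoff, which should be confirmed against the tool's documentation.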
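Review bot: The only active entry in `remediation-sdl.yaml` is `- pattern: ".*"`, which appears to tag every method as `Sensitive Data Usage`; together with the commented-out `org.slf4j.Logger.info` example this reads like a template left in place rather than a deliberate remediation rule. The workflow hunk in this same change also passes `--remediation-config remediation.yaml`, not `remediation-sdl.yaml`, so this file is not what `sl analyze` reads unless a file with that other name already exists. Either narrow the pattern to the specific methods that should be re-categorised (the commented `method: org.slf4j.Logger.info:void(java.lang.String,java.lang.Object)` form shows how) or remove the wildcard rule, and point the workflow at this file if it is intended to be used.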
@@ -1,20 +1,119 @@
-source:
- branch: master
- build_rules:
- - id: allow-zero-new-findings
+ - id: "No critical or high SAST findings"
+ finding_types:
+ - vuln
+ cvss_31_severity_ratings:
+ - critical
+ - high
+ threshold: 0
+ - id: "Allow 0 secrets"
 finding_types:
- - vuln
 - secret
- - insight
- - "*"
- severity:
- - SEVERITY_MEDIUM_IMPACT
- - SEVERITY_HIGH_IMPACT
- - SEVERITY_LOW_IMPACT
+ threshold: 0
+ options:
+ num_findings: 10 # Return 10 sast findings
+ - id: "No reachable SCA findings"
+ finding_types:
+ - oss_vuln
+ cvss_31_severity_ratings:
+ - critical
+ - high
 threshold: 0
- - id: reachable-oss-vuln
- finding_types: [oss_vuln]
 options:
 reachable: true
- num_findings: 5
+ num_findings: 10 # Return 10 reachable sca findings
+ - id: "No critical or high container findings"
+ finding_types:
+ - container
+ cvss_31_severity_ratings:
+ - critical
+ - high
+ threshold: 0
+ options:
+ num_findings: 10 # Return 10 container findings
+ - id: "Allow no license violations"
+ finding types:
+ - license
+ licenses:
+ - allow:
+ - Apache-2.0, Public-Domain
+ - block:
+ - Unknown
+ threshold: 0
+# The above rule is perhaps the most common in that it
+# is designed to be used with Pull Request and to block
+# new vulns from being introduced that aren't already on
+# the 'main' branch
+#
+# Below is enchalada with all the options shown
+#
+# ID is the name that will be reflected in the PR comments
+# - id: build-rule-enchalada
+# - vuln
+#. - oss_vuln
+# - secret
+# - insight
+# - container
+# Do you want to block ALL types by severity?
+# cvss_31_severity_ratings:
+# - critical
+# - high
+# - medium
+#. - low
+# Do you want to focus on just one or more types?
+# type:
+# - Weak Random
+# - Sensitive Data Leak
+# - Deserialization
+# - Directory Traversal
+# - Sensitive Data Exposure
+# - Remote Code Execution
+# - Command Injection
+# - Security Best Practices
+# - Unsafe Reflection
+# - Regex Injection
+# - SQL Injection
+# - XML External Entities
+# - Template Injection
+# - Cross-Site Scripting
+# - JSON Injection
+# - Potential SQL Injection
+# - Potential Regex Injection
+# - Header Injection
+# - Security Misconfiguration
+# - Deprecated Function Use
+# - Mail Injection
+# - Race Condition
+# - Sensitive Data Usage
+# - Open Redirect
+# - Error Handling
+# - HTTP to Database
+# - HTTP to Model
+# - LDAP Injection
+# - Denial of Service
+# - CRLF Injection
+# - NoSQL Injection
+# - Weak Hash
+# - Session Injection
+# - Server-Side Request Forgery
+# - Prototype Pollution
+# - Log Forging
+# - XPath Injection
+# - Insecure Authentication
+# - Intent Redirection
+# - Authentication Bypass
+# - Weak Cipher
+# - Crypto
+# Focus by OWASP Category?
+# owasp_category:
+# - a01-2021-broken-access-control
+# - a02-2021-cryptographic-failures
+# - a03-2021-injection
+# - a04-2021-insecure-design
+# - a05-2021-security-misconfiguration
+# - a06-2021-vulnerable-and-outdated-components
+# - a07-2021-identification-and-authentication-failures
+# - a08-2021-software-and-data-integrity-failures
+# - a09-2021-security-logging-and-monitoring-failures
+# - a10-2021-server-side-request-forgery-(ssrf)
+
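Review bot: The license rule's key is written `finding types:` (with a space) while every other rule in this hunk uses `finding_types:`, so the "Allow no license violations" rule will be ignored or rejected by the config parser; change it to `finding_types:`. In the same rule `- Apache-2.0, Public-Domain` is one YAML scalar rather than two allowed licenses — split it into `- Apache-2.0` and `- Public-Domain`. The hunk also removes the old `source:` block together with the top-level `build_rules:` key (`- build_rules:` on the removed side with no replacement), which would leave the rules as a bare top-level sequence; if `sl check-analysis` still expects `build_rules:` as the root key none of these rules will load, so please confirm against the schema (the hunk's line breaks are collapsed here, so this is read from the diff markers). Finally, the commented example lines `#. - oss_vuln` and `#. - low` carry stray periods that become syntax errors the moment someone uncomments that block.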