diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 7f05fae76..e0c5ba96e 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -115,3 +115,13 @@ jobs:
 uses: github/codeql-action/analyze@v3
 with:
 category: "/language:${{matrix.language}}"
+
+ gosec:
+ permissions:
+ # Required to upload SARIF files
+ security-events: write
+ # for actions/checkout to fetch code
+ contents: read
+ # call reusable workflow from central '.github' repo
+ uses: open-component-model/.github/.github/workflows/code-scan.yml@main
+ secrets: inherit
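Review bot: The new `gosec` job calls the reusable workflow at the mutable ref `@main` and forwards every secret with `secrets: inherit`, so whatever lands on that branch of the central repo runs here with this repository's secrets and `security-events: write`. Pin the call to a reviewed commit, `uses: open-component-model/.github/.github/workflows/code-scan.yml@<full-commit-sha>`, and update it deliberately when the central workflow changes. Replace `secrets: inherit` with an explicit `secrets:` map naming only what the scan needs; if it needs nothing beyond the automatically provided `GITHUB_TOKEN`, the line can be dropped. The workflow's `on:` triggers are outside this hunk, so which events reach this job cannot be checked from here.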