diff --git a/.bacon.yml b/.bacon.yml
new file mode 100644
index 0000000..b7af606
--- /dev/null
+++ b/.bacon.yml
@@ -0,0 +1,9 @@
+test_suites:
+  - name: sast_scan
+    script_path: /root/okta/okta-auth-swift/scripts
+    script_name: sast_scan
+    sort_order: '1'
+    timeout: '200'
+    criteria: MERGE
+    queue_name: small
+    trigger: AUTO
diff --git a/scripts/sast_scan.sh b/scripts/sast_scan.sh
new file mode 100644
index 0000000..e065e9e
--- /dev/null
+++ b/scripts/sast_scan.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+cd ${OKTA_HOME}/${REPO}
+
+if ! sast_scan;
+then
+  exit ${FAILURE}
+fi
+
+exit ${SUCCESS}