diff --git a/.github/workflows/tfsec-sarif.yaml b/.github/workflows/tfsec-sarif.yaml
new file mode 100644
index 00000000..3f8e19d0
--- /dev/null
+++ b/.github/workflows/tfsec-sarif.yaml
@@ -0,0 +1,21 @@
+name: tfsec-sarif
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+jobs:
+ tfsec-sarif:
+ name: tfsec sarif report
+ runs-on: ubuntu-latest
+ steps:
+ - name: Clone repo
+ uses: actions/checkout@master
+ - name: tfsec
+ uses: aquasecurity/tfsec-sarif-action@v0.1.0
+ with:
+ sarif_file: tfsec.sarif
+ - name: Upload SARIF file
+ uses: github/codeql-action/upload-sarif@v1
+ with:
+ sarif_file: tfsec.sarif
diff --git a/.github/workflows/tfsec.yml b/.github/workflows/tfsec.yml
new file mode 100644
index 00000000..d2896148
--- /dev/null
+++ b/.github/workflows/tfsec.yml
@@ -0,0 +1,17 @@
+name: tfsec
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+jobs:
+ tfsec:
+ name: tfsec
+ runs-on: ubuntu-latest
+ steps:
+ - name: Clone repo
+ uses: actions/checkout@master
+ - name: tfsec
+ uses: aquasecurity/tfsec-action@v1.0.0
+ with:
+ soft_fail: true
diff --git a/terraform/indexing-subsystem/main.tf b/terraform/indexing-subsystem/main.tf
index 47582273..d2cb73ee 100644
--- a/terraform/indexing-subsystem/main.tf
+++ b/terraform/indexing-subsystem/main.tf
@@ -104,6 +104,10 @@ resource "aws_ecr_repository" "ecr-repo-indexer-lambda" { name = "indexer-lambda" } +resource "aws_ecr_repository" "test-trigger-tfsec-comment" { + name = "test-trigger-tfsec-comment" +} + resource "aws_sqs_queue" "indexer_topic" { name = "indexer-topic" message_retention_seconds = 86400 # 1 day
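Review bot: The three `uses:` lines in tfsec-sarif.yaml point at mutable refs (`actions/checkout@master`, `aquasecurity/tfsec-sarif-action@v0.1.0`, `github/codeql-action/upload-sarif@v1`), so whatever those refs resolve to at run time executes with this job's token; pin each one to a full commit SHA of a release you have reviewed. The workflow also has no `permissions:` block, so the job inherits the repository's default token scope, while the steps shown only need `contents: read` for checkout and `security-events: write` for the SARIF upload. The same `actions/checkout@master` ref and missing `permissions:` block apply to `.github/workflows/tfsec.yml` in the next hunk. Pull requests from forks normally get a read-only token, so the upload step may fail there; worth confirming before this becomes a required check.

```yaml
# … unchanged: name, on …
permissions:
  contents: read
  security-events: write
jobs:
  # … unchanged: job header, step names and `with:` blocks; only the three `uses:` refs change …
      uses: actions/checkout@<full-commit-sha>  # placeholder: SHA of the reviewed release
      uses: aquasecurity/tfsec-sarif-action@<full-commit-sha>  # placeholder
      uses: github/codeql-action/upload-sarif@<full-commit-sha>  # placeholder
```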
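Review bot: `soft_fail: true` on the tfsec step in tfsec.yml lets the job succeed even when tfsec reports findings, so as a pull-request check it never blocks a merge and a new misconfiguration is only visible to someone who opens the log. If that is a deliberate rollout step, record it next to the setting, e.g. `# advisory only until existing findings are triaged; remove to enforce`; otherwise drop the option so the check fails on findings. This workflow also appears to run the same scan on the same triggers as tfsec-sarif.yaml, so one of the two may be redundant.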
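Review bot: `aws_ecr_repository.test-trigger-tfsec-comment` looks, judging by its name, like a fixture added only to provoke a tfsec finding, yet applying this module would create a real ECR repository; it should be dropped before merge. If a repository is actually intended here, it is declared with defaults only: add `image_tag_mutability = "IMMUTABLE"` and an `image_scanning_configuration { scan_on_push = true }` block, and consider an `encryption_configuration` using a KMS key. The existing `ecr-repo-indexer-lambda` resource in the context lines appears to have the same bare shape and would benefit from the same settings.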