diff --git a/.github/workflows/sca_scan.yml b/.github/workflows/sca_scan.yml
new file mode 100644
index 00000000..c47b2307
--- /dev/null
+++ b/.github/workflows/sca_scan.yml
@@ -0,0 +1,12 @@
+name: SCA
+
+on:
+  push:
+    branches: ['master', 'main', '**']
+
+jobs:
+  snyk-cli:
+    uses: auth0/devsecops-tooling/.github/workflows/sca-scan.yml@main
+    with:
+      additional-arguments: '--exclude=README.md'
+    secrets: inherit
diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml
deleted file mode 100644
index 4eb97a11..00000000
--- a/.github/workflows/snyk.yml
+++ /dev/null
@@ -1,40 +0,0 @@
-name: Snyk
-
-on:
-  merge_group:
-  workflow_dispatch:
-  pull_request:
-    types:
-      - opened
-      - synchronize
-  push:
-    branches:
-      - master
-  schedule:
-    - cron: '30 0 1,15 * *'
-
-permissions:
-  contents: read
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
-  cancel-in-progress: ${{ github.ref != 'refs/heads/master' }}
-
-jobs:
-  check:
-    name: Check for Vulnerabilities
-    runs-on: ubuntu-latest
-
-    steps:
-      - if: github.actor == 'dependabot[bot]' || github.event_name == 'merge_group'
-        run: exit 0 # Skip unnecessary test runs for dependabot and merge queues. Artifically flag as successful, as this is a required check for branch protection.
-
-      - uses: actions/checkout@v6
-        with:
-          ref: ${{ github.event.pull_request.head.sha || github.ref }}
-
-      - run: npm install -g snyk
-
-      - run: snyk test
-        env:
-          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}