diff --git a/.github/workflows/frogbot-scan-pull-request.yaml b/.github/workflows/frogbot-scan-pull-request.yaml
new file mode 100644
index 000000000..680d083d7
--- /dev/null
+++ b/.github/workflows/frogbot-scan-pull-request.yaml
@@ -0,0 +1,30 @@
+name: "Frogbot Scan Pull Request"
+on:
+  pull_request_target:
+    types: [opened, synchronize]
+permissions:
+  pull-requests: write
+  contents: read
+  id-token: write
+jobs:
+  scan-pull-request:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: jfrog/frogbot@v2
+        env:
+          # [Mandatory]
+          JF_URL: ${{ secrets.JF_URL }}
+
+          # [Mandatory]
+          JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+          # [Optional] Xray Watches to apply
+          JF_WATCHES: "build-watch"
+
+          # [Optional] Show all vulnerabilities, not just the ones introduced in the PR
+          JF_INCLUDE_ALL_VULNERABILITIES: "true"
+
+          # [Mandatory if using OIDC authentication protocol instead of JF_ACCESS_TOKEN]
+        with:
+          oidc-provider-name: yanirw/CI-demo@github
+
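Review bot: The step `- uses: jfrog/frogbot@v2` is pinned to a mutable major tag, and because this workflow runs on `pull_request_target` with `pull-requests: write`, `id-token: write` and repository secrets, any future change behind that tag runs with those grants; pin it to a full-length commit SHA with the version in a trailing comment, e.g. `- uses: jfrog/frogbot@<full-commit-sha>  # v2`. `pull_request_target` runs the base-branch workflow with secrets for fork PRs, which is the trigger Frogbot's own templates use, but the file should record that constraint in a comment above `steps:`, e.g. `# pull_request_target: never check out or build the PR head in this job — the write-scoped GITHUB_TOKEN and OIDC identity would be exposed to fork-controlled code`. The `# [Mandatory if using OIDC authentication protocol instead of JF_ACCESS_TOKEN]` comment sits at the end of the `env:` block but describes the `with: oidc-provider-name` input that follows; move it under `with:` so it annotates the key it refers to.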