Adding workflows

.github/workflows/codeql.yml

@@ -0,0 +1,26 @@
+name: CodeQL (Java) - SAST
+
+on:
+  pull_request:
+  push:
+  workflow_dispatch:
+
+jobs:
+  analyze:
+    name: Code Scanning - CodeQL
+    runs-on: ubuntu-latest
+    timeout-minutes: 25
+    permissions:
+      security-events: write
+      packages: read
+      actions: read
+      contents: read
+    strategy:
+      fail-fast: false
+    steps:
+      - uses: hyperwallet/public-security-workflows/codeql@main
+        with:
+          language: java
+          build-mode: 'none'
+          timeout-minutes: 25
+

.github/workflows/dependency-review.yml

@@ -0,0 +1,42 @@
+name: 'Dependency Review'
+
+on:
+  workflow_call:
+    inputs:
+      timeout-minutes:
+        description: 'Optional override for larger builds'
+        default: 20
+        required: false
+        type: number
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  dependency-review:
+    name: Dependency Review
+    if: ${{ github.event_name == 'pull_request' }}
+    runs-on: ubuntu-latest
+    timeout-minutes: ${{ inputs.timeout-minutes }}
+
+    steps:
+      - name: Validate Input (timeout-minutes)
+        if: ${{ inputs.timeout-minutes > 99 }}
+        shell: bash
+        run: |
+          echo "Invalid input (timeout-minutes), maximum value is 99"
+          exit 1
+
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+
+      - name: Dependency Review       
+        uses: actions/dependency-review-action@v4
+        with:
+          fail-on-severity: critical
+          fail-on-scopes: runtime
+          comment-summary-in-pr: always
+          show-openssf-scorecard: false
+          license-check: false
+          warn-only: true