diff --git a/.github/workflows/push_gem.yaml b/.github/workflows/release.yaml
similarity index 95%
rename from .github/workflows/push_gem.yaml
rename to .github/workflows/release.yaml
index 0924b72f..a139d094 100644
--- a/.github/workflows/push_gem.yaml
+++ b/.github/workflows/release.yaml
@@ -1,5 +1,5 @@
 # This workflow was generated by https://github.com/rubygems/configure_trusted_publisher
-name: Push Gem
+name: Release
 on:
 workflow_dispatch:
@@ -84,7 +84,7 @@ jobs:
 branch: release-v${{ inputs.version }}
 title: "Release v${{ inputs.version }}"
 body: |
- - [ ] Confirm the [push-gem action](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}) succeeded before merging
+ - [ ] Confirm the [release action](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}) succeeded before merging
 - [ ] Confirm this version bump should be merged into [${{ github.ref_name }}](https://github.com/${{ github.repository }}/tree/${{ github.ref_name }}) or change the base branch
 - [ ] Review and edit the [GitHub Draft Release](https://github.com/${{ github.repository }}/releases) (can be done after this PR is merged)
diff --git a/.github/workflows/scorecard.yaml b/.github/workflows/scorecard.yaml
new file mode 100644
index 00000000..42486207
--- /dev/null
+++ b/.github/workflows/scorecard.yaml
@@ -0,0 +1,27 @@
+name: Open Source Security Foundation Scorecard
+on:
+ pull_request:
+ # For Branch-Protection check. Only the default branch is supported. See
+ # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
+ branch_protection_rule:
+
+ # Manual trigger
+ workflow_dispatch:
+
+ # To guarantee Maintained check is occasionally updated. See
+ # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
+ schedule:
+ - cron: "0 5 * * 1"
+ push:
+ branches: ["main"]
+
+# Declare default permissions as read only.
+permissions: read-all
+
+jobs:
+ ossf:
+ uses: block/ospo/.github/workflows/scorecard.yml@main
+ secrets: inherit
+ permissions:
+ security-events: write
+ id-token: write
diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml
new file mode 100644
index 00000000..19ba4752
--- /dev/null
+++ b/.github/workflows/security.yaml
@@ -0,0 +1,23 @@
+name: Security and License Scans
+
+on:
+ pull_request:
+ pull_request_target:
+ branches:
+ - main
+
+ push:
+ branches:
+ - main
+
+ # Run every day at 5am UTC
+ schedule:
+ - cron: "0 5 * * *"
+
+ # Allows you to run this workflow manually from the Actions tab
+ workflow_dispatch:
+
+jobs:
+ security-license-scan:
+ uses: block/ospo/.github/workflows/security.yml@main
+ secrets: inherit
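Review bot: The `ossf` job in `scorecard.yaml` calls `uses: block/ospo/.github/workflows/scorecard.yml@main`, a mutable branch reference, while handing it `secrets: inherit` plus `security-events: write` and `id-token: write`; anything pushed to that branch of block/ospo runs here with those grants, and `id-token: write` lets it mint OIDC tokens in this repository's name. Scorecard's own Pinned-Dependencies check will flag exactly this. Unless org policy deliberately treats block/ospo as trusted-by-default (not visible from this diff), pin the call to a full commit SHA and let Dependabot/Renovate bump it, e.g. `uses: block/ospo/.github/workflows/scorecard.yml@<full-commit-sha> # main`. The `permissions: read-all` default at the top of the file is the right baseline and should stay.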
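Review bot: `security.yaml` triggers on `pull_request_target` (restricted to `main`) and forwards `secrets: inherit` to `block/ospo/.github/workflows/security.yml@main`, but unlike `scorecard.yaml` in the same commit it declares no top-level `permissions:`, so the called workflow receives the repository's default `GITHUB_TOKEN` scope plus every secret, in the base-repo context, for PRs that may come from forks. Whether that is exploitable depends on whether the reusable workflow checks out the PR head ref before scanning (not visible here); if it does, a fork PR could run attacker-controlled manifests or build scripts with those credentials. At minimum add `permissions: read-all` at the top level to match `scorecard.yaml`, and since `pull_request` and `pull_request_target` both fire on same-repo PRs and produce duplicate runs, keep only the one the scanner actually needs. The `@main` reference has the same unpinned-dependency concern as the scorecard workflow and should be pinned to a commit SHA.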