diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml
index 7e4c12199..806f8d381 100644
--- a/.github/workflows/deploy-dev.yml
+++ b/.github/workflows/deploy-dev.yml
@@ -31,6 +31,8 @@ jobs:
 name: Deploy
 environment: ${{ inputs.environment }}
 runs-on: ubuntu-latest
+ outputs:
+ hostname: ${{ steps.export-hostname.outputs.hostname }}
 permissions:
 id-token: write # This is required for requesting the JWT
 contents: read # This is required for actions/checkout
@@ -70,6 +72,8 @@ jobs:
 
 export CLEANED_BRANCH_NAME=$(echo ${BRANCH_NAME} | sed 's/^feature[-/]//' | sed 's:^\w*\/::' | tr -s ' _/[]().' '-' | tr '[:upper:]' '[:lower:]' | cut -c1-28 | sed 's/-$//')
 export HOST_NAME=${CLEANED_BRANCH_NAME}-${DEV_HOST}
+ echo "${HOST_NAME}" > hostname.txt
+
 helm upgrade ${CLEANED_BRANCH_NAME} \
 ${HELM_DIR} \
 --namespace=${{ secrets.KUBE_NAMESPACE }} \
@@ -82,3 +86,9 @@ jobs:
 --set sharedIPRangesLAA=$SHARED_IP_RANGES_LAA \
 --force \
 --install
+
+ - name: Upload HOST_NAME as artifact
+ uses: actions/upload-artifact@v4
+ with:
+ name: host-name
+ path: hostname.txt
\ No newline at end of file
diff --git a/.github/workflows/feature-branch.yml b/.github/workflows/feature-branch.yml
index 4c18bdad2..bea878b9c 100644
--- a/.github/workflows/feature-branch.yml
+++ b/.github/workflows/feature-branch.yml
@@ -22,6 +22,11 @@ jobs:
 secrets:
 SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
 
+ security:
+ name: Security
+ needs: deploy-dev
+ uses: ./.github/workflows/security.yml
+
 build-and-push:
 name: Build
 uses: ./.github/workflows/build.yml
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
new file mode 100644
index 000000000..5bf903b85
--- /dev/null
+++ b/.github/workflows/security.yml
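Review bot: The new job output `hostname: ${{ steps.export-hostname.outputs.hostname }}` references a step id `export-hostname` that none of the hunks in this diff define, so unless such a step already exists in the part of the job not shown here, the output evaluates to an empty string. The caller in feature-branch.yml does not read it either — security.yml takes the hostname from the `host-name` artifact written in the second and third hunks — so the workflow now carries two hostname channels, one of which is dead. Either drop the `outputs:` block, or wire it properly: give the run step `id: export-hostname` and `echo "hostname=${HOST_NAME}" >> "$GITHUB_OUTPUT"`, expose it through `on.workflow_call.outputs` (not visible in this diff), and pass it to security.yml as a `with:` input, which removes the artifact round-trip entirely. Separately, the third hunk leaves deploy-dev.yml without a trailing newline.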
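Review bot: The `security` job's only link to the hostname it scans is an implicit contract with deploy-dev.yml — the `host-name` artifact uploaded there — which `needs: deploy-dev` does not document; a comment such as `# reads the host-name artifact uploaded by deploy-dev.yml` above the `uses:` line would make the coupling visible until the hostname is passed as an explicit `with:` input. The job also sets no `permissions:`, so the reusable workflow inherits whatever this workflow's default token grants (not visible in this hunk); since the scan only needs a checkout, `permissions: contents: read` here (adding `issues: write` only if the ZAP action's issue creation is wanted) keeps it least-privilege.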
@@ -0,0 +1,35 @@
+name: Security
+
+on: workflow_call
+
+jobs:
+ zap_scan:
+ runs-on: ubuntu-latest
+ name: Scan the web application
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Download HOST_NAME artifact
+ uses: actions/download-artifact@v4
+ with:
+ name: host-name
+
+ - name: Read HOST_NAME from file
+ id: read-hostname
+ run: |
+ HOST_NAME=$(cat hostname.txt)
+ echo "HOST_NAME=${HOST_NAME}" >> $GITHUB_ENV
+
+ - name: ZAP Full Scan
+ uses: zaproxy/action-full-scan@v0.10.0
+ with:
+ target: "http://${{ env.HOST_NAME }}"
+ artifact_name: 'zap_report'
+ continue-on-error: true
+
+ - name: Upload ZAP Report
+ uses: actions/upload-artifact@v4
+ with:
+ name: zap_report
+ path: 'report_html.html'
\ No newline at end of file
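Review bot: `read-hostname` pushes the artifact file's content straight into `$GITHUB_ENV` with no check, so an empty or malformed `hostname.txt` yields `target: "http://"` and, because the scan step has `continue-on-error: true`, the job still goes green and uploads whatever report ZAP managed to write; validate the value before exporting it and quote `$GITHUB_ENV`. The job declares no `permissions:`, so it runs with the caller's token scope although it only needs `contents: read` (plus `issues: write` if the action's default `allow_issue_writing` is kept, otherwise set `allow_issue_writing: false`). The final `Upload ZAP Report` step looks redundant and likely to fail: zaproxy/action-full-scan already uploads its reports under `artifact_name` (`zap_report`), and actions/upload-artifact@v4 rejects a second upload with the same name, so either drop the step or give it a different name. The scan also targets plain `http://`; if the dev host only serves HTTPS the scan will mostly see redirects — confirm the scheme against the deployed ingress.
```yaml
jobs:
  zap_scan:
    runs-on: ubuntu-latest
    name: Scan the web application
    permissions:
      contents: read  # checkout only; add issues: write if allow_issue_writing is kept
    steps:
      # … unchanged: checkout and download-artifact steps …
      - name: Read HOST_NAME from file
        id: read-hostname
        run: |
          HOST_NAME=$(cat hostname.txt)
          # refuse anything that is not a single plain hostname
          [[ "${HOST_NAME}" =~ ^[A-Za-z0-9.-]+$ ]] || { echo "unexpected hostname: '${HOST_NAME}'" >&2; exit 1; }
          echo "HOST_NAME=${HOST_NAME}" >> "${GITHUB_ENV}"
      # … unchanged: ZAP Full Scan step …
```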