diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml
new file mode 100644
index 0000000..6f51c7c
--- /dev/null
+++ b/.github/workflows/shiftleft.yml
@@ -0,0 +1,63 @@
+---
+# This workflow integrates ShiftLeft NG SAST with GitHub
+# Visit https://docs.shiftleft.io for help
+name: ShiftLeft
+
+on:
+  pull_request:
+  workflow_dispatch:
+
+jobs:
+  NextGen-Static-Analysis:
+    runs-on: ubuntu-20.04
+    steps:
+    - uses: actions/checkout@v2
+    - name: Download ShiftLeft CLI
+      run: |
+        curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl
+    - name: Extract branch name
+      shell: bash
+      run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})"
+      id: extract_branch
+    - name: NextGen Static Analysis
+      run: |
+        pip install --upgrade setuptools wheel
+        pip install -r requirements.txt
+        ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app flask-webgoat --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --python $(pwd)
+      env:
+        SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }}
+        
+      if:
+        ${{ hashFiles('requirements.txt') != '' }}
+    - name: Legacy Static Analysis
+      run: |
+        echo "Please update your `shiftleft-python-demo` fork!"
+        ${GITHUB_WORKSPACE}/sl analyze --strict --wait --no-cpg --app flask-webgoat --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --python $(pwd)
+      env:
+        SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }}
+        
+      if:
+        ${{ hashFiles('requirements.txt') == '' }}
+   
+  ## Uncomment the following section to enable build rule checking and enforcing.
+  #Build-Rules: 
+    #runs-on: ubuntu-latest
+    #needs: NextGen-Static-Analysis
+    #steps:
+    #- uses: actions/checkout@v2
+    #- name: Download ShiftLeft CLI
+    #  run: |
+    #    curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl
+    #- name: Validate Build Rules
+    #  run: |
+    #    ${GITHUB_WORKSPACE}/sl check-analysis --app flask-webgoat \
+    #       --source 'tag.branch=${{ github.event.pull_request.base.ref }}' \
+    #       --target "tag.branch=${{ github.head_ref || steps.extract_branch.outputs.branch }}" \
+    #       --report \
+    #       --github-pr-number=${{github.event.number}} \
+    #       --github-pr-user=${{ github.repository_owner }} \
+    #       --github-pr-repo=${{ github.event.repository.name }} \
+    #       --github-token=${{ secrets.GITHUB_TOKEN }}
+    #  env:
+        #SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }}
+        
\ No newline at end of file
diff --git a/shiftleft.yml b/shiftleft.yml
index 64a27f8..220d4ba 100644
--- a/shiftleft.yml
+++ b/shiftleft.yml
@@ -1,12 +1,12 @@
 build_rules:
-  - id: no-findings-allowed-rule
+  - id: allow-zero-findings
     finding_types:
       - vuln
       - secret
       - insight
-      - extscan
+      - "*"
     severity:
       - SEVERITY_MEDIUM_IMPACT
       - SEVERITY_HIGH_IMPACT
       - SEVERITY_LOW_IMPACT
-    threshold: 0
+    threshold: 0
\ No newline at end of file