diff --git a/.circleci/config.yml b/.circleci/config.yml
index 9615ec3..fead6af 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -1,4 +1,7 @@
-version: 2
+version: 2.1
+orbs:
+  codecov: codecov/codecov@3
+
 jobs:
   build:
     docker:
@@ -14,10 +17,7 @@ jobs:
           - v1-dependencies-
       # run tests!
       - run: ./gradlew clean check jacocoTestReport --continue --console=plain
-      - run:
-          name: Upload Coverage
-          when: on_success
-          command: bash <(curl -s https://codecov.io/bash) -Z -C $CIRCLE_SHA1
+      - codecov/upload
       - save_cache:
           paths:
             - ~/.m2
@@ -25,4 +25,4 @@ jobs:
     environment:
       GRADLE_OPTS: '-Dorg.gradle.jvmargs="-Xmx2048m -XX:+HeapDumpOnOutOfMemoryError"'
       _JAVA_OPTIONS: "-Xms512m -Xmx1024m"
-      TERM: dumb
\ No newline at end of file
+      TERM: dumb
diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
new file mode 100644
index 0000000..1ba433d
--- /dev/null
+++ b/.github/workflows/semgrep.yml
@@ -0,0 +1,18 @@
+name: Semgrep
+
+on:
+  pull_request_target: {}
+  push:
+    branches: ["master", "main"]
+jobs:
+  semgrep:
+    name: Scan
+    runs-on: ubuntu-latest
+    container:
+      image: returntocorp/semgrep
+    if: (github.actor != 'dependabot[bot]' && github.actor != 'snyk-bot')
+    steps:
+      - uses: actions/checkout@v3
+      - run: semgrep ci
+        env:
+          SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
diff --git a/README.md b/README.md
index 96be0d4..9b3d0c5 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 # Guardian Java
 
-[![CircleCI](circle-ci-badge)](circle-ci-url)
+[![CircleCI][circle-ci-badge]][circle-ci-url]
 [![MIT][mit-badge]][mit-url]
 [![Maven][maven-badge]][maven-url]
 [![JCenter][jcenter-badge]][jcenter-url]
diff --git a/opslevel.yml b/opslevel.yml
new file mode 100644
index 0000000..1e2697e
--- /dev/null
+++ b/opslevel.yml
@@ -0,0 +1,6 @@
+---
+version: 1
+repository:
+  owner: iam_mfa
+  tier:
+  tags: