diff --git a/README.md b/README.md
new file mode 100644
index 0000000..b4fb388
--- /dev/null
+++ b/README.md
@@ -0,0 +1,2 @@
+# sast-check
+Run SAST checks using GitHub Actions
diff --git a/action.yml b/action.yml
new file mode 100644
index 0000000..aa02758
--- /dev/null
+++ b/action.yml
@@ -0,0 +1,15 @@
+name: 'SAST Check'
+description: 'Run SAST checks in your code'
+inputs:
+  path:
+    description: 'Path to run SAST checks on'
+    required: false
+    default: '.'
+outputs:
+  result:
+    description: 'Output of SAST checks'
+runs:
+  using: 'docker'
+  image: 'docker/Dockerfile'
+  args:
+    - ${{ inputs.path }}
diff --git a/docker/.dockerignore b/docker/.dockerignore
new file mode 100644
index 0000000..5f7dc38
--- /dev/null
+++ b/docker/.dockerignore
@@ -0,0 +1,2 @@
+*
+!sast-check.sh
diff --git a/docker/Dockerfile b/docker/Dockerfile
new file mode 100644
index 0000000..2ac1ee5
--- /dev/null
+++ b/docker/Dockerfile
@@ -0,0 +1,8 @@
+FROM python:3.8-alpine
+
+RUN pip install bandit
+
+ADD sast-check.sh /bin/sast-check
+RUN chmod +x /bin/sast-check
+
+ENTRYPOINT [ "/bin/sast-check" ]
diff --git a/docker/sast-check.sh b/docker/sast-check.sh
new file mode 100644
index 0000000..2d0c590
--- /dev/null
+++ b/docker/sast-check.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+set -euo pipefail
+bandit --version
+bandit -r -a vuln -ii -ll -x .git,.svn,.mvn,.idea,dist,bin,obj,backup,docs,tests,test,tmp,reports,venv "$@"
+# EXITCODE=$?
+
+# RESULT="${RESULT//'%'/'%25'}"
+# RESULT="${RESULT//$'\n'/'%0A'}"
+# RESULT="${RESULT//$'\r'/'%0D'}"
+# echo "::set-output name=result::${RESULT}"
+
+# exit ${EXITCODE}
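Review bot: The `result` output declared under `outputs:` in action.yml is never populated, because the only code that would set it in docker/sast-check.sh is commented out, so any workflow that reads `steps.<id>.outputs.result` gets an empty string while the scan's findings only reach the job log. Either drop the `outputs:` block until the script writes the value, or document the current contract with a comment on the output, `# NOTE: not yet populated; consumers must rely on the step's exit code`. If the output is re-enabled later, the commented `::set-output` workflow command has been deprecated in favour of appending `result=<value>` to the file named by `$GITHUB_OUTPUT`, which also avoids the manual `%`/newline escaping the dead lines attempt.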
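Review bot: `RUN pip install bandit` pulls whichever bandit release PyPI serves at build time, so the scanner's rule set and exit behaviour can change between two builds of the same action commit without any diff in this repository; pin it, and skip the pip cache that otherwise ends up in the layer: `RUN pip install --no-cache-dir bandit==<PINNED_VERSION>` (placeholder, pick the release you validated against). The base image has the same drift problem; `python:3.8-alpine` should carry a patch version or a digest. The `ADD` plus separate `chmod` can be one layer with no extra copy of the file: `COPY --chmod=755 sast-check.sh /bin/sast-check`. A `USER` directive is deliberately not suggested here, since a Docker container action needs to run as root to write to the mounted workspace.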
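Review bot: `set -euo pipefail` under a `#!/bin/sh` shebang relies on the interpreter accepting the non-POSIX `pipefail` option; the alpine base's BusyBox ash appears to accept it, but on a strict POSIX `sh` the script would abort at line 3 before bandit ever runs, so either use `#!/bin/sh` with `set -eu` only (no pipe is used here) or make the dependency explicit with `# requires BusyBox ash or bash: pipefail is not POSIX`. Also note that with `set -e` a non-zero exit from the `bandit -r …` line terminates the script immediately, which is what the action currently relies on for failing the job, so the trailing commented `EXITCODE`/`exit` lines are unreachable dead code and should be removed rather than left as an apparent plan. The `-x` list silently excludes `tests`, `test`, `bin` and `dist` from the scan; that is a reasonable default but worth stating in the README so users know the path input is not scanned in full.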