diff --git a/.github/workflows/dast.yml b/.github/workflows/dast.yml
new file mode 100644
index 000000000..3a7c19f8d
--- /dev/null
+++ b/.github/workflows/dast.yml
@@ -0,0 +1,47 @@
+name: "DAST Scan with OWASP ZAP [Push & PR]"
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+
+
+jobs:
+  dast_zap_scan:
+    runs-on: ubuntu-latest
+
+    services:
+      app:
+        image: ghcr.io/codbex/codbex-kronos:latest
+        ports:
+          - 80:80
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Wait for app to start
+        run: |
+          URL='http://localhost:80/actuator/health/readiness'
+          for i in {1..30}; do
+            echo "Checking readiness at $URL... attempt $i"
+            if curl -f $URL; then
+              echo '----------------------'
+              echo "Application is ready."
+              break
+            fi
+            sleep 5
+          done
+
+      - name: Run OWASP ZAP Full Scan
+        uses: zaproxy/action-full-scan@v0.12.0
+        with:
+          target: 'http://localhost:80'
+          cmd_options: '-T 10' # https://www.zaproxy.org/docs/docker/full-scan/
+          artifact_name: dast_zap_report # all results will be uploaded with an artifact with this name
+          allow_issue_writing: false # create an issue with the results
+          issue_title: '[DAST] ZAP Full Scan Report'
+
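Review bot: The "Wait for app to start" step never fails when the application does not come up — after the 30th unsuccessful `curl` the loop simply ends and the ZAP step then scans a target that may not be serving, so the job can go green on an empty or error-only report; add a final check after `done`, e.g. `curl -fsS "$URL" || { echo "Application did not become ready"; exit 1; }`, and quote `$URL` in the existing `curl -f $URL`. The workflow also declares no `permissions:` block, so `GITHUB_TOKEN` receives the repository's default scope even though, with `allow_issue_writing: false`, the job only needs to read the checkout and upload an artifact; a top-level `permissions: contents: read` should be sufficient and keeps the token least-privilege. Note too that the service container uses the mutable `ghcr.io/codbex/codbex-kronos:latest`, so a `pull_request` run exercises whatever image was last published rather than the PR's code and results are not reproducible between runs; if the intent is to gate the change under review, build the image from the checkout or pin a digest. Pinning `zaproxy/action-full-scan` and `actions/checkout` to commit SHAs instead of tags would likewise remove a mutable-reference dependency from the scan pipeline.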