diff --git a/.github/workflows/security-php.yml b/.github/workflows/security-php.yml
new file mode 100644
index 00000000000..50a5ea12fc1
--- /dev/null
+++ b/.github/workflows/security-php.yml
@@ -0,0 +1,27 @@
+name: PHP Security Check
+
+on:
+  # Run automatically every Monday on midnight.
+  schedule:
+    - '0 0 * * 1'
+  # Run on pull requests only when composer.lock has changed.
+  pull_request:
+    paths:
+      - 'composer.lock'
+  # Allow manually triggering the workflow.
+  workflow_dispatch:
+
+jobs:
+  check:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - uses: actions/cache@v2
+        id: cache-db
+        with:
+          path: ~/.symfony/cache
+          key: db
+
+      - uses: symfonycorp/security-checker-action@v4