diff --git a/.github/workflows/salus.yaml b/.github/workflows/salus.yaml
index a8af62f..9e88e8d 100644
--- a/.github/workflows/salus.yaml
+++ b/.github/workflows/salus.yaml
@@ -15,7 +15,7 @@ jobs:
       run: ./hack/inject-nosec.sh
     - name: Salus Scan
       id: salus_scan
-      uses: federacy/scan-action@0.1.2
+      uses: federacy/scan-action@0.1.5
       with:
         report_uri: file://./salus-report.txt
         report_format: txt
diff --git a/salus-config.yaml b/salus-config.yaml
new file mode 100644
index 0000000..74b7f2d
--- /dev/null
+++ b/salus-config.yaml
@@ -0,0 +1,28 @@
+# https://github.com/coinbase/salus/blob/master/docs/configuration.md
+
+# Used in the report to identify the project being scanned.
+project_name: Doppler Kubernetes Operator
+
+# Defines where to send Salus reports and in what format.
+reports:
+  - uri: file://salus-report.txt
+    format: txt
+
+# All scanners to execute, or the String value "all"/"none"
+active_scanners:
+  - Gosec
+  - PatternSearch
+  - RepoNotEmpty
+  - GoOSV
+  - GoVersionScanner
+  - GoPackageScanner
+  - ReportGoDep
+  - Trufflehog
+
+# All scanners that will exit non-zero if they fail, or the String value "all"/"none"
+enforced_scanners: "all"
+
+scanner_configs:
+  GoVersionScanner:
+    error:
+      min_version: '1.22.0'