diff --git a/.github/pvtr-config.yml b/.github/pvtr-config.yml
new file mode 100644
index 0000000..92219b1
--- /dev/null
+++ b/.github/pvtr-config.yml
@@ -0,0 +1,22 @@
+vars:
+  token: {{ TOKEN }} # repo, admin:org
+
+policy:
+  catalogs:
+    - OSPS_B
+  applicability:
+    - Maturity Level 1
+
+write-directory: evaluation_results
+services:
+  privateer:
+    plugin: github-repo
+    vars:
+      owner: privateerproj
+      repo: privateer
+  privateer-sdk:
+    plugin: github-repo
+    vars:
+      owner: privateerproj
+      repo: privateer-sdk
+
diff --git a/.github/workflows/osps-baseline.yml b/.github/workflows/osps-baseline.yml
new file mode 100644
index 0000000..abd0986
--- /dev/null
+++ b/.github/workflows/osps-baseline.yml
@@ -0,0 +1,25 @@
+name: OSPS Baseline Scan
+
+on: [workflow_dispatch]
+
+jobs:
+  scan:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Pull the pvtr-github-repo image
+        run: docker pull eddieknight/pvtr-github-repo:latest
+
+      - name: Add GitHub Secret to config file so it is protected in outputs
+        run: |
+          sed -i 's/{{ TOKEN }}/${{ secrets.TOKEN }}/g' ${{ github.workspace }}/.github/pvtr-config.yml
+
+      - name: Scan all repos specified in .github/pvtr-config.yml
+        run: |
+          docker run --rm \
+            -v ${{ github.workspace }}/.github/pvtr-config.yml:/.privateer/config.yml \
+            -v ${{ github.workspace }}/docker_output:/evaluation_results \
+            eddieknight/pvtr-github-repo:latest
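Review bot: The unquoted placeholder `token: {{ TOKEN }}` is read by YAML as a nested flow mapping rather than a string, so the committed config does not load as intended by anything that parses it before the workflow's sed substitution has run (linters, local runs of the tool, or a future refactor that drops the sed step). Quoting it as `token: '{{ TOKEN }}'` keeps the file valid YAML in both states, and the workflow's `s/{{ TOKEN }}/…/` pattern still matches inside the quotes. The inline comment documents that the token carries `repo, admin:org`, which is write-capable across every repository and the organisation; if the github-repo plugin only reads repository and org metadata, as an evaluation presumably does, a read-only or fine-grained token scoped to the two listed repositories is the least-privilege choice and should be stated in the comment, e.g. `# minimum scopes needed by the github-repo plugin — prefer read-only / fine-grained`. Separately, `write-directory: evaluation_results` is a relative path while the workflow bind-mounts `/evaluation_results` at the container root; whether those coincide depends on the image's working directory, which this diff does not show, so it is worth a comment either way.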
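Review bot: The scan hands a `repo, admin:org` token to `eddieknight/pvtr-github-repo:latest`, a mutable tag from a personal Docker Hub namespace, so whoever can push that tag can run arbitrary code with the token at every `workflow_dispatch`; both the pull and run lines should pin the image by `@sha256:` digest (and the digest bump reviewed like any dependency update). The sed step also expands `${{ secrets.TOKEN }}` directly into the shell script text rather than passing it through `env:`, which is the injection-prone pattern GitHub's hardening guidance warns against and which breaks if the value ever contains a sed delimiter; passing the secret as an environment variable and quoting the path fixes both, as shown below (note `&` in a token would still be special to sed). The workflow sets no `permissions:` block, so the job inherits the repository's default `GITHUB_TOKEN` grant even though nothing here uses it; `permissions: contents: read` at the top level is the least-privilege default. Finally, `docker_output` is populated but no later step uploads it, so as written the results are discarded when the runner is torn down.
```yaml
name: OSPS Baseline Scan

on: [workflow_dispatch]

permissions:
  contents: read

# … unchanged: jobs.scan.runs-on, checkout and image-pull steps (pin the image by digest) …

      - name: Add GitHub Secret to config file so it is protected in outputs
        env:
          TOKEN: ${{ secrets.TOKEN }}
        run: |
          sed -i "s|{{ TOKEN }}|${TOKEN}|g" "${{ github.workspace }}/.github/pvtr-config.yml"

# … unchanged: scan step (use the same digest-pinned image reference) …
```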