diff --git a/.github/workflows/brakeman.yml b/.github/workflows/brakeman.yml
new file mode 100644
index 000000000..9578485a5
--- /dev/null
+++ b/.github/workflows/brakeman.yml
@@ -0,0 +1,46 @@
+name: Ensure Brakeman Passes
+
+on:
+ pull_request:
+ types: [opened, synchronize, reopened]
+
+jobs:
+ brakeman:
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: Set up Ruby, Gems, and Install Dependencies
+ uses: ./.github/actions/setup-ruby-deps
+
+ - name: Run Brakeman (Human-readable and JSON outputs)
+ run: |
+ mkdir -p tmp
+ bundle exec brakeman --no-exit-on-warn -o tmp/brakeman-output.json
+ env:
+ BRAKEMAN_FORMAT: json
+
+ - name: Display Brakeman Report
+ run: |
+ echo "Brakeman Report (JSON):"
+ cat tmp/brakeman-output.json || echo "Brakeman report is missing or empty."
+ shell: bash
+
+ - name: Upload Brakeman Report
+ uses: actions/upload-artifact@v4
+ with:
+ name: brakeman-report
+ path: tmp/brakeman-output.json
+
+ - name: Fail on High-Severity Issues
+ run: |
+ HIGH_SEVERITY_COUNT=$(jq '.warnings | map(select(.confidence == "High")) | length' tmp/brakeman-output.json)
+ echo "High severity issues: $HIGH_SEVERITY_COUNT"
+ if [ "$HIGH_SEVERITY_COUNT" -gt 0 ]; then
+ echo "Brakeman detected high-severity issues. Failing the job."
+ exit 1
+ fi
+ env:
+ BRAKEMAN_FORMAT: json
+ shell: bash
diff --git a/Gemfile.lock b/Gemfile.lock
index 862db3234..5ebb134b6 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -377,11 +377,11 @@ PLATFORMS
 aarch64-linux
 aarch64-linux-gnu
 aarch64-linux-musl
- arm64-darwin-23
 arm-linux
 arm-linux-gnu
 arm-linux-musl
 arm64-darwin
+ arm64-darwin-23
 x86-linux
 x86-linux-gnu
 x86-linux-musl
diff --git a/config/brakeman.ignore b/config/brakeman.ignore
deleted file mode 100644
index 6072b585d..000000000
--- a/config/brakeman.ignore
+++ /dev/null
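Review bot: The gate in the `Fail on High-Severity Issues` step only counts warnings with `.confidence == "High"`, and because the scan runs with `--no-exit-on-warn` Brakeman's own non-zero exit status is discarded, so every Medium- and Weak-confidence finding (such as the Mass Assignment warning on `:role` that the now-deleted `config/brakeman.ignore` had been suppressing) passes the PR silently; if that is the intended policy, state it in a comment above the step, otherwise drop `--no-exit-on-warn` and keep accepted findings in the ignore file. The workflow also declares no `permissions:` block, so the job runs with the repository's default `GITHUB_TOKEN` scope although it only reads the checkout and uploads an artifact; add `permissions:` / `contents: read` at the top level and pin `actions/checkout` and `actions/upload-artifact` to full commit SHAs instead of the `@v3`/`@v4` tags. Brakeman selects its output format from the `-o` file extension, and I am not aware of it reading a `BRAKEMAN_FORMAT` environment variable, so the two `env:` blocks look like dead configuration — pass `-f json` explicitly if the format should not depend on the filename. Note as well that the deleted ignore file carried a High-confidence `EOLRails` finding for Rails 5.2.8.1; if that Rails version is still in `Gemfile.lock`, the new gate will fail on it immediately.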
@@ -1,42 +0,0 @@
-{
- "ignored_warnings": [
- {
- "warning_type": "Mass Assignment",
- "warning_code": 105,
- "fingerprint": "c885cc05df4d2146d8452ec9809d902182d4e29e7e239b442ecf37b1a8939939",
- "check_name": "PermitAttributes",
- "message": "Potentially dangerous key allowed for mass assignment",
- "file": "app/controllers/users_controller.rb",
- "line": 43,
- "link": "https://brakemanscanner.org/docs/warning_types/mass_assignment/",
- "code": "params.require(:user).permit(:id, :display_name, :role, :account_active, :password, :password_confirmation)",
- "render_path": null,
- "location": {
- "type": "method",
- "class": "UsersController",
- "method": "user_params"
- },
- "user_input": ":role",
- "confidence": "Medium",
- "note": ""
- },
- {
- "warning_type": "Unmaintained Dependency",
- "warning_code": 120,
- "fingerprint": "d84924377155b41e094acae7404ec2e521629d86f97b0ff628e3d1b263f8101c",
- "check_name": "EOLRails",
- "message": "Support for Rails 5.2.8.1 ended on 2022-06-01",
- "file": "Gemfile.lock",
- "line": 185,
- "link": "https://brakemanscanner.org/docs/warning_types/unmaintained_dependency/",
- "code": null,
- "render_path": null,
- "location": null,
- "user_input": null,
- "confidence": "High",
- "note": ""
- }
- ],
- "updated": "2022-07-14 14:00:01 -0400",
- "brakeman_version": "5.2.3"
-}