diff --git a/src/main/java/com/redhat/pctsec/model/ScanRequest.java b/src/main/java/com/redhat/pctsec/model/ScanRequest.java
index 6e2a42c..7fa053f 100644
--- a/src/main/java/com/redhat/pctsec/model/ScanRequest.java
+++ b/src/main/java/com/redhat/pctsec/model/ScanRequest.java
@@ -15,12 +15,14 @@ public class ScanRequest {
 private String brewBuild;
 private HashMap scmurl;
- @Inject
+
+ //@Inject
 brewTaskRun btr;
- @Inject
+ //@Inject
 scmUrlPipelineRun plr;
+
 public ScanRequest(String brewBuildId) {
 this.brewBuild = brewBuildId;
@@ -34,8 +36,13 @@ public class ScanRequest {
 }
 public void executeScan(){
 if(this.brewBuild != null && !this.brewBuild.trim().isEmpty()){
- //btr = new brewTaskRun();
+ btr = new brewTaskRun();
 btr.invokeScanTask(this.brewBuild);
 }
+ else (this.scmurl != null && !this.scmurl.isEmpty())
+ {
+ plr = new scmUrlPipelineRun();
+ plr.invokeOshScmScanPipeline(this.scmurl.get("repo"), this.scmurl.get("ref"));
+ }
 }
 }
diff --git a/src/main/java/com/redhat/pctsec/tekton/scmUrlPipelineRun.java b/src/main/java/com/redhat/pctsec/tekton/scmUrlPipelineRun.java
index 4f2f298..7531e03 100644
--- a/src/main/java/com/redhat/pctsec/tekton/scmUrlPipelineRun.java
+++ b/src/main/java/com/redhat/pctsec/tekton/scmUrlPipelineRun.java
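Review bot: The `//@Inject` lines added in the first hunk are commented-out code rather than a deliberate change; either delete them or keep the annotations and leave `btr`/`plr` managed by the container. With injection gone, `executeScan` in the next hunk builds `brewTaskRun` and `scmUrlPipelineRun` with `new` on every call, so whatever scope or lifecycle those beans had no longer applies. The `ScanRequest` constructor that starts at the end of this hunk continues outside it.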
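Review bot: The new branch `else (this.scmurl != null && !this.scmurl.isEmpty())` is missing the `if` and will not compile; it should read `else if (this.scmurl != null && !this.scmurl.isEmpty()) {`. `scmurl` is declared as a raw `HashMap`, so `this.scmurl.get("repo")` yields `Object`, which cannot be passed to `invokeOshScmScanPipeline(String, String)` without a cast; declaring the field as `Map<String, String>` (or casting at the call site) is needed for the call to type-check. The return value of `invokeOshScmScanPipeline`, which is the PipelineRun name, is dropped, leaving the caller with no handle on the scan it started; logging or returning it would help operators correlate requests with runs. Since `repo` and `ref` are handed straight to the pipeline from this map, this is also the natural place to reject empty or malformed values before anything is created in the cluster.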
@@ -1,6 +1,74 @@
 package com.redhat.pctsec.tekton;
+import io.fabric8.kubernetes.api.model.ConfigMapVolumeSource;
+import io.fabric8.kubernetes.api.model.PersistentVolumeClaimVolumeSource;
+import io.fabric8.kubernetes.api.model.PodSecurityContext;
+import io.fabric8.kubernetes.api.model.PodSecurityContextBuilder;
+import io.fabric8.tekton.client.DefaultTektonClient;
+import io.fabric8.tekton.client.TektonClient;
+import io.fabric8.tekton.client.DefaultTektonClient;
+import io.fabric8.tekton.client.TektonClient;
+import io.fabric8.tekton.pipeline.v1beta1.*;
+import jakarta.enterprise.context.ApplicationScoped;
+import jakarta.inject.Singleton;
+import org.apache.commons.lang3.RandomStringUtils;
+
+import java.util.ArrayList;
+import java.util.List;
+
 public class scmUrlPipelineRun {
+ public static final String NAMESPACE = "pct-security-tooling";
+ public static final String REPO_URL = "repo-url";
+ public static final String REVISION = "revision";
+ public static final String PIPELINE_REFERENCE = "osh-client-from-source";
+ public static final String SERVICE_ACCOUNT = "osh-wrapper-client-sa";
+
+ TektonClient tektonClient = new DefaultTektonClient();
+
+ public String invokeOshScmScanPipeline(String repo, String ref) {
+
+ PodSecurityContext securityContext = new PodSecurityContextBuilder()
+ .withRunAsNonRoot(true)
+ .withRunAsUser(65532L)
+ .build();
+
+ WorkspaceBinding sourcesWorkspaceBinding = new WorkspaceBindingBuilder()
+ .withName("sources")
+ .withPersistentVolumeClaim(new PersistentVolumeClaimVolumeSource("osh-client-sources", null))
+ .build();
+
+ WorkspaceBinding sourceTarsWorkspaceBinding = new WorkspaceBindingBuilder()
+ .withName("source-tars")
+ .withPersistentVolumeClaim(new PersistentVolumeClaimVolumeSource("osh-client-source-tars", null))
+ .build();
+
+ WorkspaceBinding sslCaDirectoryWorkspaceBinding = new WorkspaceBindingBuilder()
+ .withName("ssl-ca-directory")
+ .withConfigMap(new ConfigMapVolumeSource(null, null, 
"config-trusted-cabundle", null)) + .build(); + + List workspaceBindings = new ArrayList<>(); + workspaceBindings.add(sourcesWorkspaceBinding); + workspaceBindings.add(sourceTarsWorkspaceBinding); + workspaceBindings.add(sslCaDirectoryWorkspaceBinding); + + PipelineRun pipelineRun = new PipelineRunBuilder() + .withNewMetadata().withName("osh-scm-scan-" + RandomStringUtils.randomAlphanumeric(8).toLowerCase()).endMetadata() + .withNewSpec() + .withNewPodTemplate() + .withSecurityContext(securityContext) + .endPodTemplate() + .withServiceAccountName(SERVICE_ACCOUNT) + .withNewPipelineRef().withName(PIPELINE_REFERENCE).endPipelineRef() + .addNewParam().withName(REPO_URL).withNewValue(repo).endParam() + .addNewParam().withName(REVISION).withNewValue(ref).endParam() + .withWorkspaces(workspaceBindings) + .endSpec() + .build(); + + tektonClient.v1beta1().pipelineRuns().inNamespace(NAMESPACE).resource(pipelineRun).create(); + return "Scan invoked. PipelineRun name: " + pipelineRun.getMetadata().getName(); + } }