diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml
new file mode 100644
index 0000000..0d86220
--- /dev/null
+++ b/.github/workflows/codeql.yaml
@@ -0,0 +1,23 @@
+---
+name: codeQL
+
+on:
+  workflow_dispatch:
+  push:
+    branches: [test]
+
+jobs:
+  analyze:
+    name: Static analysis with CodeQL
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: javascript, python, ruby
+
+      - name: Build and analyze
+        uses: github/codeql-action/analyze@v2
diff --git a/.github/workflows/document.yaml b/.github/workflows/document.yaml
index ac6cdc2..ceca314 100644
--- a/.github/workflows/document.yaml
+++ b/.github/workflows/document.yaml
@@ -3,8 +3,7 @@ name: document
 on:
   workflow_dispatch:
   push:
-    branches:
-      - test
+    branches: [test]
 
 jobs:
   dependency-review:
@@ -26,3 +25,5 @@ jobs:
           node-version: ${{ matrix.node-version }}
           cache: npm
           cache-dependency-path: './${{ matrix.root-build }}/package-lock.json'
+      - name: "Install node_modules"
+        run: npm install