diff --git a/.github/workflows/github-codeql.yml b/.github/workflows/github-codeql.yml
new file mode 100644
index 0000000..2fa28fa
--- /dev/null
+++ b/.github/workflows/github-codeql.yml
@@ -0,0 +1,48 @@
+---
+name: "GitHub CodeQL"
+
+on:
+  push:
+    branches:
+      - "main"
+  schedule:
+    - cron: '20 18 * * 4'
+
+jobs:
+  codeql:
+    runs-on: "ubuntu-latest"
+
+    steps:
+      - uses: "actions/checkout@v2"
+        with:
+          lfs: true
+          fetch-depth: 0
+
+      - uses: "actions/setup-go@v2.1.3"
+        with:
+          go-version: "1.15.8"
+
+      - name: "Setup/restore Go cache"
+        uses: "actions/cache@v2.1.4"
+        with:
+          # In order:
+          # * Module download cache
+          # * Build cache (Linux)
+          path: |
+            ~/go/pkg/mod
+            ~/.cache/go-build
+          key: ${{ runner.os }}-go-${{ hashFiles('go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-go-
+
+      - name: "Initialize CodeQL"
+        uses: "github/codeql-action/init@v1"
+        with:
+          languages: "go"
+
+      - name: "Build the output binaries"
+        run: |
+          make build-all
+
+      - name: "Perform CodeQL Analysis"
+        uses: "github/codeql-action/analyze@v1"