diff --git a/.github/workflows/static-analysis.yml b/.github/workflows/static-analysis.yml
index 00426e44..87b60112 100644
--- a/.github/workflows/static-analysis.yml
+++ b/.github/workflows/static-analysis.yml
@@ -40,3 +40,13 @@ jobs:
     uses: StanfordBDHG/.github/.github/workflows/markdown-link-check.yml@v2
     permissions:
       contents: read
+  codeql:
+    name: CodeQL
+    uses: StanfordBDHG/.github/.github/workflows/xcodebuild-or-fastlane.yml@v2
+    permissions:
+      security-events: write
+      actions: read
+      contents: read
+    with:
+      codeql: true
+      fastlanelane: codeql