diff --git a/.github/codeql/config.yml b/.github/codeql/config.yml
new file mode 100644
index 00000000000..71742d9a417
--- /dev/null
+++ b/.github/codeql/config.yml
@@ -0,0 +1,8 @@
+name: "SerenityOS CodeQL Config"
+
+queries:
+  - uses: security-and-quality
+  - uses: security-extended
+
+# Documentation for configuring CodeQL is located here:
+# https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning
diff --git a/.github/workflows/cmake.yml b/.github/workflows/cmake.yml
index f3af9ad0c3f..9330a08bdb3 100644
--- a/.github/workflows/cmake.yml
+++ b/.github/workflows/cmake.yml
@@ -49,6 +49,7 @@ jobs:
           key: ${{ runner.os }}-toolchain-${{ hashFiles('Libraries/LibC/**/*.h', 'Toolchain/Patches/*.patch') }}
       - name: Restore or regenerate Toolchain
         run: TRY_USE_LOCAL_TOOLCHAIN=y ${{ github.workspace }}/Toolchain/BuildIt.sh
+
       # TODO: ccache
       # https://cristianadam.eu/20200113/speeding-up-c-plus-plus-github-actions-using-ccache/
       # https://github.com/cristianadam/HelloWorld/blob/master/.github/workflows/build_cmake.yml
@@ -63,6 +64,12 @@ jobs:
 
       # === ACTUALLY BUILD AND TEST ===
 
+      - name: Initialize CodeQL Static Analysis for C++
+        uses: github/codeql-action/init@v1
+        with:
+          languages: cpp
+          config-file: ./.github/codeql/config.yml
+
       - name: Build Serenity and Tests
         working-directory: ${{ github.workspace }}/Build
         run: cmake --build . -j2
@@ -76,6 +83,10 @@ jobs:
         working-directory: ${{ github.workspace }}/Build/Meta/Lagom
         run: DISABLE_DBG_OUTPUT=1 ./test-js
 
+      # Run analysis last, so contributors get lint/test feedback ASAP.
+      - name: Perform post build CodeQL Analysis
+        uses: github/codeql-action/analyze@v1
+
       # === NOTIFICATIONS ===
 
       - name: Dump event info
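Review bot: The two entries under `queries` overlap: the built-in `security-and-quality` suite already contains everything in `security-extended` (it is that suite plus the maintainability and reliability queries), so the second line adds no coverage and suggests to a reader that the two are independent. Keep only the suite the project actually wants, `- uses: security-extended` for security findings alone or `- uses: security-and-quality` if quality alerts are also wanted, and record the relationship next to it, e.g. `# security-and-quality = security-extended + maintainability/reliability queries`. If the quality half is kept, a sentence here saying that many of its alerts are not security findings would set expectations for whoever triages the Security tab.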
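Review bot: `uses: github/codeql-action/init@v1` resolves a floating major tag, so the action code that runs in this job and later uploads findings can change between runs with no change in this repository; pinning to the full commit SHA of the release, with the tag kept as a trailing comment for readability, is the usual mitigation, and the same applies to `analyze@v1` in the last hunk. The placement before `Build Serenity and Tests` is correct because the C++ extractor has to observe the compilation, but nothing says so; a one-line comment such as `# Must run before the build: CodeQL traces the compiler invocations to build its database.` would keep a later reorder from silently producing an empty analysis. If the workflow restricts `GITHUB_TOKEN` permissions (the top of the file is outside this hunk), the upload performed by the analyze step also needs `security-events: write`.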
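Review bot: The comment says analysis runs last so contributors get test feedback first, but with the step's default `if: success()` a failing `test-js` (or any earlier test step) also skips the CodeQL run and its upload, so exactly the commits that break tests get no scan results. If results on test failure are wanted, add `if: always()` to the step; that would also analyze a partial database when the build step itself fails, so the comment should state which trade-off was chosen, e.g. `# Runs even when tests fail so every push is scanned; a failed build yields a partial database.`. The step has no `with:` block, so it runs with defaults, which is fine for a first cut but worth a note since `analyze` is the step that uploads SARIF into the repository's code-scanning alerts.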