diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
new file mode 100644
index 000000000..c5e5eae00
--- /dev/null
+++ b/.github/workflows/coverity.yml
@@ -0,0 +1,48 @@
+name: Coverity
+
+on:
+  schedule:
+  - cron: "0 0 * * *"
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  scan:
+    runs-on: ubuntu-latest
+    if: ${{ github.repository_owner == 'ppp-project' }}
+    steps:
+    - uses: actions/checkout@v3
+    - name: Download Coverity build tool
+      run: |
+        wget -c -N https://scan.coverity.com/download/linux64 --post-data "token=${{ secrets.COVERITY_SCAN_TOKEN }}&project=pppd" -O coverity_tool.tar.gz
+        mkdir coverity_tool
+        tar xzf coverity_tool.tar.gz --strip 1 -C coverity_tool
+
+    - name: install required packages
+      run: |
+        sudo DEBIAN_FRONTEND=noninteractive apt-get -y -qq update
+        sudo DEBIAN_FRONTEND=noninteractive apt-get -y -qq install \
+          build-essential autoconf automake pkg-config libtool m4 autoconf-archive \
+          libssl-dev libatm1-dev libpcap-dev libsystemd-dev libpam0g-dev
+
+    - name: Configure
+      run: |
+        ./autogen.sh --enable-multilink --enable-systemd --enable-cbcp
+
+    - name: Build with Coverity build tool
+      run: |
+        export PATH=`pwd`/coverity_tool/bin:$PATH
+        cov-build --dir cov-int make
+
+    - name: Submit build result to Coverity Scan
+      run: |
+        tar czvf cov.tar.gz cov-int
+        curl --form token=${{ secrets.COVERITY_SCAN_TOKEN }} \
+          --form email=chipitsine@gmail.com \
+          --form file=@cov.tar.gz \
+          --form version="Commit $GITHUB_SHA" \
+          --form description="Build submitted via CI" \
+          https://scan.coverity.com/builds?project=pppd
+