diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 00000000..d5a22ab3
--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,72 @@
+name: CodeQL Swift
+
+on:
+ push:
+ branches: [ "main", "review/**/*" ]
+ pull_request:
+ branches: [ "main", "review/**/*" ]
+ schedule:
+ - cron: '31 4 * * 1'
+
+jobs:
+ analyze:
+ name: Analyze Swift
+ runs-on: macos-latest
+ permissions:
+ security-events: write
+ actions: read
+ contents: read
+ packages: read
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Cache DerivedData
+ uses: actions/cache@v4
+ with:
+ path: ~/Library/Developer/Xcode/DerivedData
+ key: deriveddata-${{ runner.os }}-${{ hashFiles('**/*.swift', '**/*.xcodeproj', '**/*.xcworkspace', '**/Package.resolved') }}
+ restore-keys: |
+ deriveddata-${{ runner.os }}-
+
+ - name: Debug Xcode Version
+ run: xcodebuild -version
+
+ - name: Select Xcode Version
+ run: sudo xcode-select -s "/Applications/Xcode_16.4.app"
+
+ - name: Debug Available Simulators
+ run: xcrun simctl list devices
+
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v3
+ with:
+ languages: swift
+ build-mode: manual
+
+ - name: Set Default Scheme
+ run: |
+ scheme_list=$(xcodebuild -list -json | tr -d "\n")
+ default=$(echo $scheme_list | ruby -e "require 'json'; puts JSON.parse(STDIN.gets)['project']['targets'][0]")
+ echo $default | cat >default
+ echo "Using default scheme: $default"
+
+ - name: Build
+ id: buildstep
+ env:
+ scheme: ${{ 'default' }}
+ platform: ${{ 'iOS Simulator' }}
+ run: |
+ if [ $scheme = default ]; then scheme=$(cat default); fi
+ if [ -n "$(ls -A | grep -i \\.xcworkspace\$)" ]; then filetype_parameter="workspace" && file_to_build=$(ls -A | grep -i \\.xcworkspace\$); else filetype_parameter="project" && file_to_build=$(ls -A | grep -i \\.xcodeproj\$); fi
+ file_to_build=$(echo $file_to_build | awk '{$1=$1;print}')
+ xcodebuild clean build \
+ -scheme "$scheme" \
+ -"$filetype_parameter" "$file_to_build" \
+ -destination "platform=$platform,name=iPhone 16 Pro,OS=18.4"
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v3
+ with:
+ category: "/language:swift"
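Review bot: The "Set Default Scheme" step reads `['project']['targets'][0]` from `xcodebuild -list -json`, so it aborts with a Ruby NoMethodError on a repository whose root holds only an `.xcworkspace` (the JSON then carries a `workspace` key and no `project`), even though the Build step two steps later explicitly handles the workspace case; it also yields a target name where `-scheme` expects a scheme, which works only when the two happen to coincide. A form that reads stdin directly (dropping the `tr -d "\n"` and the unquoted `echo $scheme_list`) and takes the first scheme under either key, e.g. `default=$(xcodebuild -list -json | ruby -e "require 'json'; j=JSON.parse(STDIN.read); puts (j['project'] || j['workspace'])['schemes'][0]")`, should cover both layouts — verify the key names against this project's `xcodebuild -list -json` output. Separately, "Debug Xcode Version" runs before "Select Xcode Version", so the logged version is the runner default rather than the selected one; move it after the select step, and note that the hard-coded `/Applications/Xcode_16.4.app` path and `OS=18.4` destination will break whenever `macos-latest` stops shipping that image. Finally, the `uses:` references are pinned only to major tags (`actions/checkout@v4`, `actions/cache@v4`, `github/codeql-action/...@v3`); for a job that holds `security-events: write`, pinning to full commit SHAs limits the blast radius if a tag is ever moved.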