diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index ed9568278..cf631cdd4 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -15,6 +15,12 @@ jobs:
     name: Security Analysis
     uses: alphagov/govuk-infrastructure/.github/workflows/brakeman.yml@main
 
+  codeql-sast:
+    name: CodeQL SAST scan
+    uses: alphagov/govuk-infrastructure/.github/workflows/codeql-analysis.yml@main
+    permissions:
+      security-events: write
+
   lint-scss:
     name: Lint SCSS
     uses: alphagov/govuk-infrastructure/.github/workflows/stylelint.yml@main
@@ -56,4 +62,3 @@ jobs:
         env:
           RAILS_ENV: test
         run: bundle exec rake spec
-