diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 00000000..71dbac47
--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,41 @@
+name: "CodeQL"
+
+on:
+ push:
+ branches: [ "master" ]
+ pull_request:
+ branches: [ "master" ]
+ schedule:
+ - cron: "37 4 * * 0"
+
+jobs:
+ analyze:
+ name: Analyze
+ runs-on: ubuntu-latest
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+ strategy:
+ fail-fast: false
+ matrix:
+ language: [ go ]
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v2
+ with:
+ languages: ${{ matrix.language }}
+ queries: +security-and-quality
+
+ - name: Autobuild
+ uses: github/codeql-action/autobuild@v2
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v2
+ with:
+ category: "/language:${{ matrix.language }}"
\ No newline at end of file
diff --git a/.github/workflows/static-scan.yml b/.github/workflows/static-scan.yml
new file mode 100644
index 00000000..56bef9fc
--- /dev/null
+++ b/.github/workflows/static-scan.yml
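Review bot: Every `uses:` in this workflow references a mutable major tag (`actions/checkout@v3`, `github/codeql-action/init@v2`, `autobuild@v2`, `analyze@v2`), so the code that runs under the job's `security-events: write` grant can change without any change to this repository. Pinning each action to a full commit SHA and keeping the tag as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha>  # v3`, closes that window and is also what the OpenSSF Scorecard badge this commit adds to README.md measures under Pinned-Dependencies. The same applies throughout static-scan.yml in the next hunk, where `ludeeus/action-shellcheck@master` tracks a moving branch rather than even a release tag. The file also lacks a trailing newline (`\ No newline at end of file`), which yamllint's new-line-at-end-of-file rule will report.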
@@ -0,0 +1,49 @@
+name: Go-static-analysis
+on: [push, pull_request]
+jobs:
+
+ golangci:
+ name: Lint
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - name: golangci-lint
+ uses: golangci/golangci-lint-action@v2
+ with:
+ # Required: the version of golangci-lint is required and must be specified without patch version: we always use the latest patch version.
+ version: v1.52.2
+
+ shellcheck:
+ name: Shellcheck
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - name: Run ShellCheck
+ uses: ludeeus/action-shellcheck@master
+ hadolint:
+ runs-on: ubuntu-latest
+ name: Hadolint
+ steps:
+ - uses: actions/checkout@v2
+ - uses: brpaz/hadolint-action@v1.2.1
+ name: Run Hadolint
+ with:
+ dockerfile: Dockerfile
+
+ go-check:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: Set up Go
+ uses: actions/setup-go@v3
+ with:
+ go-version: 1.18.x
+
+ # if this fails, run go mod tidy
+ - name: Check if module files are consistent with code
+ run: go mod tidy && git diff --exit-code
+
+ # if this fails, run go mod vendor
+ - name: Check if vendor directory is consistent with go modules
+ run: go mod vendor && git diff --exit-code
\ No newline at end of file
diff --git a/README.md b/README.md
index 057361c2..b129d617 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-
+[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/intel/userspace-cni-network-plugin/badge)](https://api.securityscorecards.dev/projects/github.com/intel/userspace-cni-network-plugin)
 * [Summary](#summary)
 * [Links](#links)
 * [Weekly Meeting](#weekly-meeting)
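Review bot: static-scan.yml declares no `permissions:` block at either the workflow or job level, so all four jobs run with the repository's default `GITHUB_TOKEN` scope, which can include write access depending on repository settings; none of them needs more than a checkout, so a top-level `permissions:` / `  contents: read` directly under `name:` bounds that and matches what codeql.yml already does per job. The comment above `version: v1.52.2` says the golangci-lint version must be given without a patch version, but the value includes one — either change it to `version: v1.52` or reword the comment so the two agree. The jobs also mix `actions/checkout@v2` (golangci, shellcheck, hadolint) with `actions/checkout@v3` (go-check); v2 is an older release line, so aligning all four on one pinned revision is worth doing in the same pass.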