diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..bf8f491
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,76 @@
+name: Continuous Integration
+
+on:
+ workflow_dispatch:
+ pull_request:
+ branches:
+ - main
+ types:
+ - opened
+ - edited
+ - synchronize
+ paths:
+ - 'src/*'
+
+env:
+ DOCKERFILE: src/main/docker/Dockerfile
+
+jobs:
+ scan-sonar:
+ runs-on: ubuntu-22.04
+
+ steps:
+ - name: "Checkout the source code"
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2
+ with:
+ fetch-depth: 0
+
+ - name: "Set up JDK 21"
+ uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4.5.0
+ with:
+ java-version: 21
+ distribution: temurin
+
+ - name: "Cache Gradle packages"
+ uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
+ with:
+ path: ~/.gradle/caches
+ key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }}
+ restore-keys: ${{ runner.os }}-gradle
+
+ - name: "Cache SonarCloud packages"
+ uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
+ with:
+ path: ~/.sonar/cache
+ key: ${{ runner.os }}-sonar
+ restore-keys: ${{ runner.os }}-sonar
+
+ - name: "Build and analyze"
+ run: ./gradlew build jacocoTestReport sonarqube --info
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+
+ scan-cve:
+ runs-on: ubuntu-22.04
+ steps:
+ - name: "Checkout the source code"
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2
+ with:
+ fetch-depth: 0
+
+ - name: "Build the Docker image"
+ run: docker build . --file ${{ env.DOCKERFILE }} --target cve --tag localbuild/testimage:latest
+
+ - name: "Run the Trivy scan action itself with GitHub Advanced Security code scanning integration enabled"
+ id: scan
+ uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0 # v0.29.0
+ with:
+ image-ref: "localbuild/testimage:latest"
+ format: 'sarif'
+ output: 'results.sarif'
+
+ - name: "Upload Anchore Scan Report"
+ uses: github/codeql-action/upload-sarif@cbe18979603527f12c7871a6eb04833ecf1548c7 # CodeQL Bundle v2.19.3
+ with:
+ sarif_file: 'results.sarif'
\ No newline at end of file
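Review bot: The `paths` filter `- 'src/*'` only matches files directly under `src/` (in Actions path filters `*` does not cross `/`), so a pull request that touches `src/main/java/...` or the very `src/main/docker/Dockerfile` that `scan-cve` builds will trigger neither scan; change it to `- 'src/**'` and add the workflow file itself so edits to the pipeline are also checked. The workflow also declares no `permissions:` block, so both jobs run with whatever the repository's default `GITHUB_TOKEN` grant is, while `upload-sarif` needs `security-events: write`; pin `contents: read` at the workflow level and grant `security-events: write` only to `scan-cve`. Note that on `pull_request` runs from forks the token is read-only and `SONAR_TOKEN` is not supplied, so the SARIF upload and the Sonar step will fail there regardless — a job-level `if` on `github.event.pull_request.head.repo.full_name == github.repository` (or a separate `pull_request_target`-free path) avoids a permanently red check for external contributors. Separately, the Trivy step sets no `exit-code` or `severity`, so as far as I can tell findings are pushed to code scanning but never fail the check — acceptable if deliberate, but worth a comment such as `# Report-only: findings land in the Security tab, the job does not gate merges` — and the last step's name says Anchore while the scanner is Trivy.

```yaml
on:
  # … unchanged: workflow_dispatch, pull_request branches/types …
    paths:
      - 'src/**'
      - '.github/workflows/ci.yml'

# Least privilege by default; jobs opt in to what they need.
permissions:
  contents: read

# … unchanged: env …

jobs:
  scan-sonar:
    # … unchanged …
  scan-cve:
    runs-on: ubuntu-22.04
    permissions:
      contents: read
      security-events: write   # required by codeql-action/upload-sarif
    # … unchanged: steps …
```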