diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml
index c11a4ba3..6973ea29 100644
--- a/.github/workflows/checks.yml
+++ b/.github/workflows/checks.yml
@@ -63,3 +63,22 @@ jobs:
 go mod tidy
 git diff-index HEAD
 git diff-index --quiet HEAD
+
+ - name: Checkov GitHub Action
+ uses: bridgecrewio/checkov-action@v12
+ with:
+ # This will add both a CLI output to the console and create a results.sarif file
+ output_format: cli,sarif
+ output_file_path: console,results.sarif
+
+ - name: Upload SARIF file
+ uses: github/codeql-action/upload-sarif@v2
+
+ # Results are generated only on a success or failure
+ # this is required since GitHub by default won't run the next step
+ # when the previous one has failed. Security checks that do not pass will 'fail'.
+ # An alternative is to add `continue-on-error: true` to the previous step
+ # Or 'soft_fail: true' to checkov.
+ if: success() || failure()
+ with:
+ sarif_file: results.sarif
\ No newline at end of file
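Review bot: Both new `uses:` references (`bridgecrewio/checkov-action@v12` and `github/codeql-action/upload-sarif@v2`) pin to mutable major-version tags, so whatever the tag is moved to later runs with this job's token and read access to the checkout; pinning to a full-length commit SHA with the version kept as a comment, e.g. `uses: bridgecrewio/checkov-action@<commit-sha> # v12`, makes the scanner itself an auditable, reproducible dependency. The SARIF upload step also needs the job to grant `security-events: write` (and `contents: read`), which the job header outside this hunk may or may not set; if the workflow declares a restrictive top-level `permissions:` block, the upload fails rather than silently succeeding, so the grant is worth checking. The hunk also ends with "No newline at end of file", which yamllint's `new-line-at-end-of-file` rule flags; add a trailing newline after `sarif_file: results.sarif`.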