diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml
new file mode 100644
index 000000000..cee251402
--- /dev/null
+++ b/.github/workflows/scan.yml
@@ -0,0 +1,31 @@
+name: static code analysis
+
+on: [push]
+env:
+ SCAN_IMG:
+ yes-docker-local.artifactory.in.yubico.org/static-code-analysis/java:v1
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@master
+
+ - name: Prep scan
+ run: |
+ docker login yes-docker-local.artifactory.in.yubico.org/ \
+ -u svc-static-code-analysis-reader \
+ -p ${{ secrets.ARTIFACTORY_READER_TOKEN }}
+ docker pull ${SCAN_IMG}
+
+ - name: Scan and fail on warnings
+ run: |
+ docker run -v${PWD}:/k \
+ -e PROJECT_NAME=${GITHUB_REPOSITORY#Yubico/} -t ${SCAN_IMG}
+
+ - uses: actions/upload-artifact@master
+ if: failure()
+ with:
+ name: suppression_files
+ path: suppression_files
diff --git a/build.gradle b/build.gradle
index 8264dadb6..39eacab6b 100644
--- a/build.gradle
+++ b/build.gradle
@@ -87,7 +87,7 @@ subprojects {
 repositories {
 mavenLocal()
- maven { url "http://repo.maven.apache.org/maven2" }
+ maven { url "https://repo.maven.apache.org/maven2" }
 }
 }
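Review bot: In `.github/workflows/scan.yml`, the `Prep scan` step passes the registry token as `-p ${{ secrets.ARTIFACTORY_READER_TOKEN }}`, so the secret is expanded into the script text and sits on the `docker login` command line; hand it to the step through `env:` and feed it to `docker login --password-stdin`, as in the fence below. `actions/checkout@master` and `actions/upload-artifact@master` follow a mutable branch, so any upstream change runs inside a job that holds this secret; pin both to a release tag or a full commit SHA (`actions/checkout@<full-commit-sha>`, placeholder), and consider pinning `java:v1` by digest for the same reason. The scan container also receives the whole checkout through `-v${PWD}:/k`; depending on the checkout version the job token may be persisted in the workspace's git config, so `persist-credentials: false` on the checkout step is worth adding.

```yaml
    # … unchanged: name, trigger, SCAN_IMG, job header, checkout step …
    - name: Prep scan
      env:
        ARTIFACTORY_READER_TOKEN: ${{ secrets.ARTIFACTORY_READER_TOKEN }}
      run: |
        printf '%s' "${ARTIFACTORY_READER_TOKEN}" |
          docker login yes-docker-local.artifactory.in.yubico.org/ \
            -u svc-static-code-analysis-reader --password-stdin
        docker pull "${SCAN_IMG}"
    # … unchanged: scan step and artifact upload …
```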