diff --git a/.github/workflows/coverity.yaml b/.github/workflows/coverity.yaml
new file mode 100644
index 0000000..5ea99c9
--- /dev/null
+++ b/.github/workflows/coverity.yaml
@@ -0,0 +1,38 @@
+name: Coverity scan
+on:
+  schedule:
+    - cron: '0 18 * * 1' # Weekly at 18:00 UTC on Mondays
+
+jobs:
+  latest:
+    runs-on: ubuntu-latest
+    container: debian:stable
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+      - name: Install dependencies
+        run: |
+          apt update
+          DEBIAN_FRONTEND=noninteractive apt install -y --no-install-recommends php-dev curl ca-certificates make gcc
+      - name: Download Coverity Build Tool
+        run: |
+          curl https://scan.coverity.com/download/linux64 --form token=$TOKEN --form project=jvoisin/fortify-headers -o cov-analysis-linux64.tar.gz
+          mkdir cov-analysis-linux64
+          tar xzf cov-analysis-linux64.tar.gz --strip-components=1 -C cov-analysis-linux64
+        env:
+          TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
+      - name: Build with cov-build
+        run: ./cov-analysis-linux64/bin/cov-build --dir cov-int make -C tests gcc
+      - name: Submit the result to Coverity Scan
+        run: |
+          tar czf fortify-headers.tgz cov-int
+          curl \
+            --form project=jvoisin/fortify-headers \
+            --form token=$TOKEN \
+            --form file=@fortify-headers.tgz \
+            --form version=master \
+            --form email=julien.voisin+coverity@dustri.org \
+            --form description=master \
+            https://scan.coverity.com/builds?project=jvoisin/fortify-headers
+        env:
+          TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}