1 files changed, 59 insertions, 0 deletions

diff --git a/.github/workflows/clippy.yaml b/.github/workflows/clippy.yaml
new file mode 100644
index 0000000..2d3ea70
--- /dev/null
+++ b/.github/workflows/clippy.yaml
@@ -0,0 +1,59 @@
+name: Clippy
+
+on:
+  push:
+    paths:
+      - 'Cargo.toml'
+      - 'Cargo.lock'
+      - '**.rs'
+    branches: [main]
+  pull_request:
+    paths:
+      - 'Cargo.toml'
+      - 'Cargo.lock'
+      - '**.rs'
+  workflow_dispatch:
+
+jobs:
+  clippy:
+    name: Run scan
+
+    runs-on: ubuntu-latest
+
+    permissions:
+      security-events: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Install Rust
+        uses: dtolnay/rust-toolchain@stable
+        with:
+          components: "clippy"
+
+      - name: Setup Rust cache
+        uses: Swatinem/rust-cache@v2
+
+      - name: Install SARIF tools
+        run: |
+          cargo install clippy-sarif sarif-fmt
+
+      - name: Fetch Cargo deps
+        run: |
+          cargo fetch --locked
+
+      - name: Run Clippy
+        continue-on-error: true
+        run: |
+          cargo clippy \
+            --all-features \
+            --all-targets \
+            --message-format=json \
+          | clippy-sarif | tee /tmp/clippy.sarif | sarif-fmt
+
+      - name: Upload results
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: /tmp/clippy.sarif
+          wait-for-processing: true