diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
new file mode 100644
index 000000000..a5c02c75e
--- /dev/null
+++ b/.github/workflows/codeql-analysis.yml
@@ -0,0 +1,46 @@
+name: "CodeQL"
+
+on:
+ push:
+ branches: [ main ]
+ pull_request:
+ branches: [ main ]
+
+jobs:
+ analyze:
+ name: Analyze
+ runs-on: ubuntu-latest
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+ strategy:
+ fail-fast: false
+ matrix:
+ language: [ 'cpp', 'python' ]
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v2
+ with:
+ languages: ${{ matrix.language }}
+
+ - name: Install dependencies
+ run: >
+ sudo apt-get update &&
+ sudo ./contrib/ci/fwupd_setup_helpers.py install-dependencies --yes -o ubuntu &&
+ python3 -m pip install --user "meson >= 0.60.0"
+
+ - name: Build
+ run: |
+ mkdir -p $GITHUB_WORKSPACE/build
+ cd $GITHUB_WORKSPACE/build
+ meson .. -Dman=false -Ddocs=none -Defi_binary=false -Dplugin_uefi_capsule_splash=false --prefix=$GITHUB_WORKSPACE/dist
+ ninja
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v2
diff --git a/.lgtm.yml b/.lgtm.yml
deleted file mode 100644
index 7b9d41887..000000000
--- a/.lgtm.yml
+++ /dev/null
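Review bot: The three `uses:` steps in the new workflow reference mutable tags (`actions/checkout@v3`, `github/codeql-action/init@v2`, `github/codeql-action/analyze@v2`), so the code executed in a job that holds `security-events: write` can change without any commit to this repository. Pinning each to a full commit SHA and keeping the tag as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha>  # v3`, makes runs reproducible and turns action updates into reviewable diffs. The `Install dependencies` step has the same property: `"meson >= 0.60.0"` installs whatever release the package index serves at run time, where an exact pin such as `"meson == <reviewed-version>"` would keep the build tool fixed between runs. The `on:` block also has no `schedule:` entry, so results for `main` are only refreshed on a push or pull request; a periodic cron trigger would presumably be needed if analysis should re-run when the query set is updated.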
@@ -1,30 +0,0 @@
-extraction:
- python:
- python_setup:
- version: "3"
- cpp:
- prepare:
- packages:
- - libarchive-tools
- - python3-pip
- - python3-setuptools
- - python3-wheel
- - libssl-dev
- after_prepare:
- - python3 -m pip install --user "meson >= 0.60.0"
- - export PATH="$HOME/.local/bin:$PATH"
- - "cd $LGTM_WORKSPACE"
- - "mkdir installdir"
- - "wget https://github.com/tpm2-software/tpm2-tss/releases/download/2.3.0/tpm2-tss-2.3.0.tar.gz"
- - "tar xf tpm2-tss-2.3.0.tar.gz"
- - "cd tpm2-tss-2.3.0"
- - "./configure --prefix=$LGTM_WORKSPACE/installdir/usr --disable-doxygen-doc"
- - "make install"
- - "export PKG_CONFIG_PATH=$LGTM_WORKSPACE/installdir/usr/lib/pkgconfig:$PKG_CONFIG_PATH"
- - "export LD_LIBRARY_PATH=$LGTM_WORKSPACE/installdir/usr/lib:$LD_LIBRARY_PATH"
- configure:
- command:
- - "meson setup _lgtm_build_dir -Defi_binary=false -Dplugin_uefi_capsule_splash=false -Ddocs=none"
- index:
- build_command:
- - "ninja -C _lgtm_build_dir"
diff --git a/README.md b/README.md
index 5974a5d4a..74aaa367d 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,7 @@
 # fwupd
 [![Build Status](https://github.com/fwupd/fwupd/actions/workflows/main.yml/badge.svg)](https://github.com/fwupd/fwupd/actions/workflows/main.yml)
+[![CodeQL](https://github.com/fwupd/fwupd/actions/workflows/codeql-analysis.yml/badge.svg)](https://github.com/fwupd/fwupd/actions/workflows/codeql-analysis.yml)
 [![Coverity Scan Build Status](https://scan.coverity.com/projects/10744/badge.svg)](https://scan.coverity.com/projects/10744)
 [![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/fwupd.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:fwupd)
 [![CircleCI](https://circleci.com/gh/fwupd/fwupd/tree/main.svg?style=svg)](https://circleci.com/gh/fwupd/fwupd/tree/main)