diff --git a/.github/workflows/black-duck-security-scan-ci.yml b/.github/workflows/black-duck-security-scan-ci.yml
new file mode 100644
index 00000000..bffd8d74
--- /dev/null
+++ b/.github/workflows/black-duck-security-scan-ci.yml
@@ -0,0 +1,61 @@
+# Copyright (c) 2026 Lukasz Stalmirski
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+
+name: Coverity Scan
+
+on:
+ workflow_dispatch:
+# schedule:
+# - cron: '00 09 * * 6'
+
+jobs:
+ build:
+ runs-on: windows-latest
+ permissions:
+ contents: read
+ actions: read
+ security-events: write
+
+ steps:
+ - uses: actions/checkout@v6
+ with:
+ submodules: recursive
+ fetch-depth: 0
+
+ - uses: actions/setup-python@v6
+ with:
+ python-version: '3.12'
+ cache: 'pip'
+ - run: python3 -m pip install -r '${{ github.workspace }}/VkLayer_profiler_layer/scripts/requirements.txt'
+
+ - name: Configure CMake
+ run: cmake -S '${{ github.workspace }}' -B '${{ github.workspace }}/build'
+
+ - name: Coverity Scan
+ uses: blackduck-inc/black-duck-security-scan@v2
+ with:
+ coverity_url: ${{ vars.COVERITY_URL }}
+ coverity_user: ${{ secrets.COVERITY_USER }}
+ coverity_passphrase: ${{ secrets.COVERITY_PASSPHRASE }}
+ coverity_project_name: ${{ github.event.repository.name }}
+ coverity_build_command: |
+ cmake --build '${{ github.workspace }}/build' --config Release -j
+ coverity_clean_command: |
+ cmake --build '${{ github.workspace }}/build' --config Release --target clean
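Review bot: The `blackduck-inc/black-duck-security-scan@v2` step is handed `secrets.COVERITY_USER` and `secrets.COVERITY_PASSPHRASE` but is referenced by a mutable tag, so a retargeted tag would run different code with those credentials. Pin it to a reviewed commit, e.g. `uses: blackduck-inc/black-duck-security-scan@<full-commit-sha>  # v2`, and consider the same for `actions/checkout@v6` and `actions/setup-python@v6`. The checkout step also keeps the default credential persistence while `pip install`, recursive submodules and the CMake build run code from outside this repository; adding `persist-credentials: false` under its `with:` keeps the job token out of the working tree's git config. Finally, `security-events: write` and `actions: read` are granted, yet nothing visible in the file enables a SARIF upload or reads workflow runs, so these look droppable unless the scan action is known to need them.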