diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index b347f3ab3cf24c491160ccc9135b0c6250af80e9..39e6b7d72977b568504b26e113a4e662cc2c6320 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -3,6 +3,7 @@ image: maven:3-jdk-8
 stages:
   - build
   - test
+  - analyse
 
 build-jdk11:
   image: maven:3-jdk-11
@@ -34,3 +35,22 @@ test-positive-whole:
     - diff /tmp/out.o src/test/data/pa2/sample/ast_coverage.py.ast.typed || echo 'Ignoring failed test...'
   allow_failure: true
 
+code_quality:
+  image: docker:stable
+  stage: analyse
+  variables:
+    DOCKER_DRIVER: overlay2
+  allow_failure: true
+  services:
+    - docker:stable-dind
+  script:
+    - export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')
+    - docker run
+        --env SOURCE_CODE="$PWD"
+        --volume "$PWD":/code
+        --volume /var/run/docker.sock:/var/run/docker.sock
+        "registry.gitlab.com/gitlab-org/security-products/codequality:$SP_VERSION" /code
+  artifacts:
+    reports:
+      codequality: gl-code-quality-report.json
+