diff --git a/.github/workflows/code-scan.yml b/.github/workflows/code-scan.yml
new file mode 100644
index 0000000..e002789
--- /dev/null
+++ b/.github/workflows/code-scan.yml
@@ -0,0 +1,15 @@
+name: Code Scan
+
+on:
+  pull_request:
+    branches: [ master, development ]
+  schedule:
+    - cron: '0 12 * * 1' # runs at 12:00 UTC on Mondays
+  workflow_dispatch:
+
+jobs:
+  scan:
+    uses: hms-dbmi/actions/.github/workflows/code-scan.yml@main
+    secrets:
+      SONAR_HOST_URL: ${{ secrets.BLHMSDBMI_SONAR_HOST_URL }}
+      SONAR_TOKEN: ${{ secrets.BLHMSDBMI_SONAR_TOKEN }}
diff --git a/sonar-project.properties b/sonar-project.properties
new file mode 100644
index 0000000..f947357
--- /dev/null
+++ b/sonar-project.properties
@@ -0,0 +1,8 @@
+sonar.projectKey=hms-dbmi_dbmi-fileservice_e78292f8-f5d1-4b7f-8de9-f04d6c887c86
+
+# relative paths to source directories. More details and properties are described
+# at https://docs.sonarqube.org/latest/project-administration/narrowing-the-focus/
+sonar.sources=fileservice/
+
+# Set python version
+sonar.python.version=3.11