diff --git a/.github/workflows/audit_and_lint.yml b/.github/workflows/audit_and_lint.yml
index a26ae6135..40002c27a 100644
--- a/.github/workflows/audit_and_lint.yml
+++ b/.github/workflows/audit_and_lint.yml
@@ -61,7 +61,7 @@ jobs:
 - name: Lint
 # run only on master/dev branch and pull requests
 if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/dev' || github.event_name == 'pull_request'
- run: node lint.js . --ext js
+ run: npm run lint:sarif
 - name: Upload lint results
 # run if lint failed and only on master/dev branch and pull requests
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 000000000..b2abc0f3f
--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,30 @@
+name: CodeQL
+
+on:
+ push:
+ branches: [master, dev]
+ paths-ignore:
+ - node_modules
+ pull_request:
+ branches: [master, dev]
+ paths-ignore:
+ - node_modules
+ schedule:
+ - cron: '0 6 * * 3'
+
+jobs:
+ analyze:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@ee5a9d1395988d7c82c67c69571871f5994b94df # pin@v2
+
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v1
+ with:
+ queries: security-and-quality
+ languages: javascript
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v1
diff --git a/README.md b/README.md
index 97da3c6ac..10ebdb4cd 100644
--- a/README.md
+++ b/README.md
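Review bot: In `.github/workflows/audit_and_lint.yml`, the `Upload lint results` step that follows the changed `run:` line is commented as running only when lint failed, so once `npm run lint:sarif` produces SARIF a clean run would presumably upload nothing, and findings fixed since the last failing run may stay open in code scanning. That step's `if:` lies outside the hunk, so this is inferred from its comment; if it holds, gate the upload on `always()` rather than `failure()`, combined with the same branch/pull-request condition. The `lint:sarif` script is not defined in the hunks shown here, so confirm it exists in `package.json` and still exits non-zero on lint errors so the job keeps failing when it should.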
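Review bot: In the new `.github/workflows/codeql.yml`, `github/codeql-action/init@v1` and `github/codeql-action/analyze@v1` are referenced by a mutable tag while `actions/checkout` in the same file is pinned to a commit SHA; pin both the same way, e.g. `uses: github/codeql-action/init@<full-commit-sha> # pin@v1`. The workflow also declares no `permissions:`, so the job runs with the repository's default token scope; a job-level block granting only `contents: read` and `security-events: write` should be enough for the analysis to upload its results. Finally, `paths-ignore` under `on:` only decides whether the workflow triggers, and the bare pattern `node_modules` appears to match a path with exactly that name rather than files beneath it; `node_modules/**` expresses the trigger filter, and excluding the directory from the scan itself belongs in a CodeQL configuration file if that is the intent.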
@@ -1,5 +1,7 @@
 [![npm version](https://badge.fury.io/js/%40synthetixio%2Fsynpress.svg)](https://badge.fury.io/js/%40synthetixio%2Fsynpress)
 ![Synpress CI](https://github.com/Synthetixio/synpress/workflows/Synpress%20CI/badge.svg?branch=master)
+[![Release CI](https://github.com/Synthetixio/synpress/actions/workflows/release.yml/badge.svg?branch=master)](https://github.com/Synthetixio/synpress/actions/workflows/release.yml)
+[![CodeQL](https://github.com/Synthetixio/synpress/actions/workflows/codeql.yml/badge.svg?branch=master)](https://github.com/Synthetixio/synpress/actions/workflows/codeql.yml)
 [![Discord](https://img.shields.io/discord/413890591840272394.svg?color=768AD4&label=discord&logo=https%3A%2F%2Fdiscordapp.com%2Fassets%2F8c9701b98ad4372b58f13fd9f65f966e.svg)](https://discordapp.com/channels/413890591840272394/)
 [![Twitter Follow](https://img.shields.io/twitter/follow/synthetix_io.svg?label=synthetix_io&style=social)](https://twitter.com/synthetix_io)
@@ -129,9 +131,10 @@ Options:
 1. Create PR from `dev` branch to `master` branch
 2. Merge it
-3. Run [GitHub Action workflow](https://github.com/Synthetixio/synpress/actions/workflows/release.yml) named `Release CI` with `patch|minor|major` depending on your choice
+3. Run GitHub Action workflow named [Release CI](https://github.com/Synthetixio/synpress/actions/workflows/release.yml) with `patch|minor|major` depending on your needs.
+
+Alternatively, instead of running GitHub Action for release, you can move on with manual release process:
-Intead of running GitHub Action for release, you can move on with manual release process:
 1. Switch to `master` branch and pull latest changes
 2. Run `npm run release:patch/minor/major` command
 3. Keep `dev` branch up to date with `master`