diff --git a/.cppcheck_suppressions b/.cppcheck_suppressions
new file mode 100644
index 0000000000000..5b140152e7f08
--- /dev/null
+++ b/.cppcheck_suppressions
@@ -0,0 +1,59 @@
+arrayIndexThenCheck
+assignBoolToFloat
+checkersReport
+constParameterPointer
+constParameterReference
+constStatement
+constVariable
+constVariablePointer
+constVariableReference
+containerOutOfBounds
+cstyleCast
+ctuOneDefinitionRuleViolation
+current_deleted_index
+duplicateAssignExpression
+duplicateBranch
+duplicateBreak
+duplicateCondition
+duplicateExpression
+funcArgNamesDifferent
+functionConst
+functionStatic
+invalidPointerCast
+knownConditionTrueFalse
+missingInclude
+missingIncludeSystem
+multiCondition
+noConstructor
+noExplicitConstructor
+noValidConfiguration
+obstacle_cruise_planner
+passedByValue
+preprocessorErrorDirective
+redundantAssignment
+redundantContinue
+redundantIfRemove
+redundantInitialization
+returnByReference
+selfAssignment
+shadowArgument
+shadowFunction
+shadowVariable
+stlFindInsert
+syntaxError
+uninitMemberVar
+unknownMacro
+unmatchedSuppression
+unpreciseMathCall
+unreadVariable
+unsignedLessThanZero
+unusedFunction
+unusedScopedObject
+unusedStructMember
+unusedVariable
+useInitializationList
+useStlAlgorithm
+uselessCallsSubstr
+uselessOverride
+variableScope
+virtualCallInConstructor
diff --git a/.github/workflows/cppcheck-all.yaml b/.github/workflows/cppcheck-all.yaml
new file mode 100644
index 0000000000000..db3bd5d259895
--- /dev/null
+++ b/.github/workflows/cppcheck-all.yaml
@@ -0,0 +1,60 @@
+name: cppcheck-all
+
+on:
+  pull_request:
+  schedule:
+    - cron: 0 0 * * *
+  workflow_dispatch:
+
+jobs:
+  cppcheck-all:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Install dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y build-essential cmake git libpcre3-dev
+
+      # cppcheck from apt does not yet support --check-level args, and thus install from source
+      - name: Install Cppcheck from source
+        run: |
+          mkdir /tmp/cppcheck
+          git clone https://github.com/danmar/cppcheck.git /tmp/cppcheck
+          cd /tmp/cppcheck
+          git checkout 2.14.1
+          mkdir build
+          cd build
+          cmake ..
+          make -j $(nproc)
+          sudo make install
+
+      - name: Run Cppcheck on all files
+        continue-on-error: true
+        id: cppcheck
+        run: |
+          cppcheck --enable=all --inconclusive --check-level=exhaustive --error-exitcode=1 --xml . 2> cppcheck-report.xml
+        shell: bash
+
+      - name: Count errors by error ID and severity
+        run: |
+          #!/bin/bash
+          temp_file=$(mktemp)
+          grep -oP '(?<=id=")[^"]+" severity="[^"]+' cppcheck-report.xml | sed 's/" severity="/,/g' > "$temp_file"
+          echo "Error counts by error ID and severity:"
+          sort "$temp_file" | uniq -c
+          rm "$temp_file"
+        shell: bash
+
+      - name: Upload Cppcheck report
+        uses: actions/upload-artifact@v2
+        with:
+          name: cppcheck-report
+          path: cppcheck-report.xml
+
+      - name: Fail the job if Cppcheck failed
+        if: steps.cppcheck.outcome == 'failure'
+        run: exit 1
diff --git a/.github/workflows/cppcheck-differential.yaml b/.github/workflows/cppcheck-differential.yaml
new file mode 100644
index 0000000000000..914abd7df86ea
--- /dev/null
+++ b/.github/workflows/cppcheck-differential.yaml
@@ -0,0 +1,65 @@
+name: cppcheck-differential
+
+on:
+  pull_request:
+
+jobs:
+  cppcheck-differential:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Install dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y build-essential cmake git libpcre3-dev
+
+      # cppcheck from apt does not yet support --check-level args, and thus install from source
+      - name: Install Cppcheck from source
+        run: |
+          mkdir /tmp/cppcheck
+          git clone https://github.com/danmar/cppcheck.git /tmp/cppcheck
+          cd /tmp/cppcheck
+          git checkout 2.14.1
+          mkdir build
+          cd build
+          cmake ..
+          make -j $(nproc)
+          sudo make install
+
+      - name: Get changed files
+        id: changed-files
+        run: |
+          git fetch origin ${{ github.base_ref }} --depth=1
+          git diff --name-only FETCH_HEAD ${{ github.sha }} > changed_files.txt
+          cat changed_files.txt
+
+      - name: Run Cppcheck on changed files
+        continue-on-error: true
+        id: cppcheck
+        run: |
+          files=$(cat changed_files.txt | grep -E '\.(cpp|hpp)$' || true)
+          if [ -n "$files" ]; then
+            echo "Running Cppcheck on changed files: $files"
+            cppcheck --enable=all --inconclusive --check-level=exhaustive --error-exitcode=1 --suppressions-list=.cppcheck_suppressions $files 2> cppcheck-report.txt
+          else
+            echo "No C++ files changed."
+            touch cppcheck-report.txt
+          fi
+        shell: bash
+
+      - name: Show cppcheck-report result
+        run: |
+          cat cppcheck-report.txt
+
+      - name: Upload Cppcheck report
+        uses: actions/upload-artifact@v2
+        with:
+          name: cppcheck-report
+          path: cppcheck-report.txt
+
+      - name: Fail the job if Cppcheck failed
+        if: steps.cppcheck.outcome == 'failure'
+        run: exit 1