diff --git a/.github/workflows/veracode-upload.yml b/.github/workflows/veracode-upload.yml
new file mode 100644
index 000000000..54464d566
--- /dev/null
+++ b/.github/workflows/veracode-upload.yml
@@ -0,0 +1,73 @@
+#################################################################################
+# Tractus-X - Digital Product Passport Application
+#
+# Copyright (c) 2022, 2024 BASF SE, BMW AG, Henkel AG & Co. KGaA
+# Copyright (c) 2022, 2024 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+# either express or implied. See the
+# License for the specific language govern in permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+#################################################################################
+
+name: "Veracode upload and scan"
+
+on:
+  push:
+    branches: [ "main" ]
+  workflow_dispatch:
+    inputs:
+      branch:
+        description: "Branch to use"
+        required: true
+        default: 'main'
+        type: string
+
+  schedule:
+    # Once a day
+    - cron: "0 0 * * *"
+jobs:
+  analyze:
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+        with:
+          repository: ''
+
+      - uses: actions/setup-java@v3
+        with:
+          java-version: 19
+          distribution: 'adopt'
+
+      - name: build
+        run: |
+          cd dpp-backend/digitalproductpass
+          mvn dependency:purge-local-repository clean verify
+
+      - run: zip -r veracode-scan-target.zip ./
+
+      - name: Run Veracode Upload And Scan
+        uses: veracode/veracode-uploadandscan-action@0.2.1
+        with:
+          appname: "Battery-Passport-Consumer-App"
+          createprofile: false
+          filepath: "./veracode-scan-target.zip"
+          vid: '${{ secrets.VERACODE_API_ID || secrets.ORG_VERACODE_API_ID }}'
+          vkey: '${{ secrets.VERACODE_API_KEY || secrets.ORG_VERACODE_API_KEY }}'