diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 00000000..280df471
--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,18 @@
+name: CodeQL
+
+on:
+  workflow_dispatch:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ "main" ]
+  schedule:
+    - cron: '16 14 * * 4'
+
+jobs:
+  codeql:
+    uses: liquibase/build-logic/.github/workflows/codeql.yml@v0.6.1
+    secrets: inherit
+    with:
+      languages: '["java"]'
diff --git a/.snyk b/.snyk
deleted file mode 100644
index 0808500f..00000000
--- a/.snyk
+++ /dev/null
@@ -1,10 +0,0 @@
-# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
-version: v1.22.1
-# ignores vulnerabilities until expiry date; change duration by modifying expiry date
-ignore:
-  SNYK-JAVA-ORGLIQUIBASE-2419059:
-    - '*':
-        reason: ignore liquibase version
-        expires: 2025-03-07T00:00:00.000Z
-        created: 2022-03-07T15:57:03.089Z
-patch: {}