diff --git a/.github/workflows/static-analysis.yml b/.github/workflows/static-analysis.yml
new file mode 100644
index 000000000..70a19c680
--- /dev/null
+++ b/.github/workflows/static-analysis.yml
@@ -0,0 +1,86 @@
+# JULEA - Flexible storage framework
+# Copyright (C) 2026 Jan Frase
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this program. If not, see .
+
+name: static-analysis.yml
+on: [push, pull_request]
+defaults:
+ run:
+ shell: bash
+
+jobs:
+ # This job is responsible for running Codechecker.
+ code-checker:
+ name: Code checker
+ runs-on: ubuntu-24.04
+ timeout-minutes: 60
+ env:
+ JULEA_SPACK_DIR: /julea-dependencies
+
+
+ steps:
+ # First, checkout julea.
+ - name: Checkout
+ uses: actions/checkout@v6
+ with:
+ persist-credentials: false
+ show-progress: false
+
+ # Get the dependencies.
+ - name: Install dependencies
+ run: |
+ sudo apt update
+ sudo apt --yes --no-install-recommends install meson ninja-build pkgconf libglib2.0-dev libbson-dev libfabric-dev libgdbm-dev liblmdb-dev libsqlite3-dev libleveldb-dev libmongoc-dev libmariadb-dev librocksdb-dev libfuse3-dev libopen-trace-format-dev librados-dev
+
+ # Then, generate compile_commands.json.
+ - name: Generate compile_commands.json
+ env:
+ CC: clang
+ run: |
+ . scripts/environment.sh
+ meson setup bld
+
+ # Install CodeChecker, gcc and cppcheck.
+ - name: Install CodeChecker
+ run: |
+ pip install codechecker
+ sudo apt install --yes --no-install-recommends cppcheck gcc
+
+ - name: Install Infer
+ run: |
+ VERSION=1.3.0; \
+ curl -sSL "https://github.com/facebook/infer/releases/download/v$VERSION/infer-linux-x86_64-v$VERSION.tar.xz" \
+ | sudo tar -C /opt -xJ && \
+ sudo ln -s "/opt/infer-linux-x86_64-v$VERSION/bin/infer" /usr/local/bin/infer
+
+ # Run the analysis.
+ - name: Run CodeChecker
+ # Since we already have ~100 warnings, i have disabled the sensitive checks for now.
+ # Should we ever run out of warnings, feel free to enable them again :D
+ run: CodeChecker analyze ./bld/compile_commands.json -o results --ctu || true #--enable sensitive
+
+ # Parse the results and generate an HTML report.
+ - name: Generate HTML report
+ run: |
+ # The parse command returns with exit code 2 if it finds any bugs.
+ # Thus, we ignore the exit code with "|| true", to avoid failing the workflow.
+ CodeChecker parse --export html --output ./reports_html ./results || true
+
+ # Lastly, upload the results to the CI.
+ - name: Upload results
+ uses: actions/upload-artifact@v7.0.1
+ with:
+ name: "CodeChecker Bug Reports"
+ path: ./reports_html
\ No newline at end of file
diff --git a/doc/static-analysis.md b/doc/static-analysis.md
new file mode 100644
index 000000000..e0021142f
--- /dev/null
+++ b/doc/static-analysis.md
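Review bot: The `code-checker` job declares no `permissions:` block, so its `GITHUB_TOKEN` keeps the repository's default permissions although the job only needs to read the checkout and upload an artifact; adding `permissions:` / `contents: read` at the workflow or job level, alongside the `persist-credentials: false` already set on the checkout step, keeps the token least-privilege. In the same hunk the `Install Infer` step streams an unverified download straight into `sudo tar -C /opt`, and `pip install codechecker`, `actions/checkout@v6` and `actions/upload-artifact@v7.0.1` are all resolved through mutable tags or an unpinned package, so each run's inputs are a supply-chain trust point and not reproducible; pinning the actions to commit SHAs, pinning the CodeChecker version, and saving the tarball to a file and checking it with `echo "<EXPECTED_SHA256>  infer.tar.xz" | sha256sum -c` before extracting would close that. Separately, the `|| true` on both the `Run CodeChecker` and `Generate HTML report` steps means the job can never fail, so a broken `CodeChecker analyze` invocation (missing analyzer, unusable `compile_commands.json`) yields a green run with an empty report; if the intent is only to tolerate the "bugs found" exit code the inline comment describes, handling that specific code on the parse step rather than discarding every failure would preserve the signal. The hunk is a new file, so the whole workflow is visible here.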
@@ -0,0 +1,59 @@
+# Static Analysis
+
+The codebase is checked for defects using CodeChecker, which wraps several static analysis tools (clang-sa, gcc, infer, cppcheck).
+
+## Pipeline
+It is automatically run in the GitHub pipeline and emits an artifact called "CodeChecker Bug Reports".
+A small summary of the number and types of errors found is given at the end of the "Generate HTML report" step.
+To view the detailed results, the artifact must be downloaded, extracted, and the `index.html` or `statistics.html` file opened.
+
+## Local
+Alternatively, the tool can be run locally.
+A full guide can be found [here](https://github.com/Ericsson/codechecker/blob/master/docs/usage.md).
+
+Notably, the tool can calculate a diff between two analysis runs as explained [here](https://github.com/Ericsson/codechecker/blob/master/docs/usage.md#using-diff-command-on-the-local-filesystem).
+This can be used to check whether your current local changes would introduce or remove any bugs.
+
+In summary:
+1. Ensure CodeChecker, the desired static analysis tools, and all JULEA dependencies are installed and available.
+
+2. Generate a `compile_commands.json` file.
+```bash
+meson setup bld
+```
+
+3. Run the analysis.
+```bash
+CodeChecker analyze ./bld/compile_commands.json -o results
+```
+
+4. Parse and view the results.
+```bash
+CodeChecker parse --export html --output ./reports_html ./results &&
+firefox ./reports_html/index.html
+```
+
+## Setting the review status
+A static analysis report can be marked as confirmed, false-positive or ignored via a comment above the relevant line.
+A full guide can be found [here](https://github.com/Ericsson/codechecker/blob/master/docs/analyzer/user_guide.md#review-status-handling).
+
+The source code comment has the following format:
+```
+// codechecker_ [] comment
+```
+
+The type can either be:
+- suppress
+- false_positive
+- intentional
+- confirmed
+
+Example:
+```C
+// codechecker_confirmed [deadcode.DeadStores] suppress deadcode
+x = 1; // warn
+```
+
+## Potential improvements
+The current setup is quite bare-bones.
+CodeChecker supports running a server to store results of previous analysis runs, tracking reports that have already been marked as known false positives, and automatically calculating a diff between the main branch and the branch to be merged.