diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index af214e4..b0f9538 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -17,12 +17,31 @@ jobs:
     name: Build tutorial
     runs-on: ubuntu-24.04
     container: ghcr.io/iarsystems/arm
+    permissions:
+      security-events: write
+      actions: read
+      contents: read
+      packages: read
     steps:
     - name: Checkout project
       uses: actions/checkout@v4
+
     - name: CMake - Configure
       working-directory: tutorial
       run: cmake -GNinja -Bbuild
+
     - name: CMake - Build
       working-directory: tutorial
       run: cmake --build build --verbose
+
+    - name: IAR C-STAT Static Analysis
+      working-directory: tutorial
+      run: |
+        ichecks --all --output build/checks.manifest
+        icstat --checks build/checks.manifest --db build/cstat.db --sarif_dir build analyze -- iccarm tutorial.c
+    
+    - name: Upload SARIF
+      uses: github/codeql-action/upload-sarif@v3
+      with:
+        sarif_file: tutorial/build/tutorial.c.sarif
+        category: cstat-analysis