diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 9307af3b405..7a43b36cd8f 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -32,7 +32,7 @@ jobs:
 strategy:
 fail-fast: false
 matrix:
- language: ['go', 'javascript', 'python']
+ language: ['javascript', 'python']
 # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
 # Learn more:
 # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
diff --git a/.pipelines/ci.yml b/.pipelines/ci.yml
index e40390b0030..8357f9047ae 100644
--- a/.pipelines/ci.yml
+++ b/.pipelines/ci.yml
@@ -1,4 +1,17 @@
 # Azure DevOps Pipeline running CI
+#
+# Note: This pipeline uses a secret variable "github_codeql_upload_token".
+# This is a GitHub Personal Access Token (Classic) owned by mbarnes.
+# It has no expiration and only has the "security_events" scope for
+# the purpose of uploading CodeQL results.
+#
+# However, for this secret to be available to pull requests from
+# forked ARO-RP repositories, the pipeline option "Make secrets
+# available to builds of forks" is enabled.
+#
+# More information:
+# https://learn.microsoft.com/en-us/azure/devops/pipelines/repos/github#contributions-from-forks
+#
 trigger:
 branches:
 include:
@@ -31,6 +44,20 @@ variables:
 - template: vars.yml
 jobs:
+- job: Golang_CodeQL
+ pool:
+ name: 1es-aro-ci-pool
+ variables:
+ HOME: $(Agent.BuildDirectory)
+ steps:
+ - template: ./templates/template-checkout.yml
+ - template: ./templates/template-codeql.yml
+ parameters:
+ language: go
+ target: golang
+ github_token: $(github_codeql_upload_token)
+ timeoutInMinutes: 120
+
 - job: Python_Unit_Tests
 pool:
 name: 1es-aro-ci-pool
diff --git a/.pipelines/templates/template-codeql.yml b/.pipelines/templates/template-codeql.yml
new file mode 100644
index 00000000000..bbde79757ad
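Review bot: Removing 'go' from the matrix leaves the retained comment (`# CodeQL supports [ 'cpp', 'csharp', 'go', ... ]`) as the only nearby context, so a later reader cannot tell that Go analysis was moved rather than dropped. Add a one-line comment beside the new value, `# 'go' is analyzed by the Golang_CodeQL job in .pipelines/ci.yml instead`, pointing at the Azure DevOps job this same commit introduces. The job that owns this `strategy:` block starts outside the hunk.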
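Review bot: The new header documents a never-expiring personal classic token that is handed to builds of forked pull requests, but the commit does not reduce that exposure, and the comment understates the blast radius: the `security_events` scope on a classic PAT is not limited to ARO-RP, it grants code-scanning write on every repository its owner can reach. A fine-grained token or a GitHub App installation token restricted to this repository with only the code-scanning-alerts write permission, plus an expiry and a named rotation owner, would bound both the scope and the lifetime; at minimum extend the comment with a line such as `# Scope caveat: security_events applies to every repo mbarnes can access, not only ARO-RP; rotation owner/process: <OWNER/PROCESS>`. If uploading results only from builds of the merged branch is acceptable, the "Make secrets available to builds of forks" option could be switched back off; whether the Golang_CodeQL job is gated that way is not visible in this hunk.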
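Review bot: `HOME: $(Agent.BuildDirectory)` in the new Golang_CodeQL job overrides the agent's home directory with no explanation, and the neighbouring `Python_Unit_Tests` job visible in the hunk shows no such override, so the next maintainer has no way to know whether it is load-bearing. Add a comment above it stating the reason (presumably where the CodeQL bundle or Go toolchain writes its caches — confirm), e.g. `# HOME is redirected into the build directory so that <REASON>`. The `jobs:` list continues outside the hunk.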
--- /dev/null
+++ b/.pipelines/templates/template-codeql.yml
@@ -0,0 +1,36 @@
+parameters:
+- name: language
+ type: string
+ values:
+ # Based on "codeql resolve languages"
+ - cpp
+ - csharp
+ - csv
+ - go
+ - html
+ - java
+ - javascript
+ - properties
+ - python
+ - ruby
+ - xml
+- name: target
+ type: string
+ default: host
+- name: github_token
+ type: string
+
+# Based on "Use CodeQL in CI system" documentation:
+# https://docs.github.com/en/code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system/about-codeql-code-scanning-in-your-ci-system
+steps:
+- script: |
+ set -xe
+ sarif_file=codeql-results-${{ parameters.language }}.sarif
+ wget --quiet --output-document=- https://github.com/github/codeql-action/releases/latest/download/codeql-bundle-linux64.tar.gz | tar --extract --gunzip
+ ./codeql/codeql database create ./codeql-db --language=${{ parameters.language }}
+ ./codeql/codeql database analyze ./codeql-db --format=sarif-latest --sarif-category=no --output=${sarif_file}
+ ./codeql/codeql github upload-results --sarif=${sarif_file} --ref=$(Build.SourceBranch)
+ env:
+ GITHUB_TOKEN: ${{ parameters.github_token }}
+ displayName: ⚙️ CodeQL Analysis (${{ parameters.language }})
+ target: ${{ parameters.target }}
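Review bot: The `script:` step fetches `releases/latest/download/codeql-bundle-linux64.tar.gz` and pipes it straight into `tar`, so every CI run executes whatever the newest codeql-action release happens to be, with no version pin and no digest check, in a step that also carries `GITHUB_TOKEN` in its environment. Pin the bundle to a specific release tag, download it to a file, and verify its checksum before extracting; the rewritten lines follow, with the tag and digest as placeholders to fill from the chosen release. Separately, `--sarif-category=no` gives every language analyzed through this template the same category, so a second language's upload for the same commit and ref would replace the first; unless `no` is deliberate, use `--sarif-category=${{ parameters.language }}`. The `values:` list also admits `csv`, `html`, `properties` and `xml`, which `codeql resolve languages` reports but which look like auxiliary extractors rather than languages `database create` can build a database for on their own (confirm), so a caller could pass a value that only fails at runtime.
```yaml
- script: |
    set -xe
    sarif_file=codeql-results-${{ parameters.language }}.sarif
    # Pin the bundle; bump the tag and digest together when upgrading.
    codeql_release='<PINNED_RELEASE_TAG>'
    codeql_sha256='<EXPECTED_SHA256_OF_BUNDLE>'
    wget --quiet --output-document=codeql-bundle-linux64.tar.gz "https://github.com/github/codeql-action/releases/download/${codeql_release}/codeql-bundle-linux64.tar.gz"
    echo "${codeql_sha256}  codeql-bundle-linux64.tar.gz" | sha256sum --check
    tar --extract --gunzip --file=codeql-bundle-linux64.tar.gz
    ./codeql/codeql database create ./codeql-db --language=${{ parameters.language }}
    ./codeql/codeql database analyze ./codeql-db --format=sarif-latest --sarif-category=${{ parameters.language }} --output=${sarif_file}
    # … unchanged: upload-results …
  # … unchanged: env, displayName, target …
```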