diff --git a/.github/workflows/trigger-gitlab.yml b/.github/workflows/trigger-gitlab.yml
new file mode 100644
index 00000000..6ad78a04
--- /dev/null
+++ b/.github/workflows/trigger-gitlab.yml
@@ -0,0 +1,33 @@
+# inspired by rhinstaller/anaconda
+
+name: Trigger GitLab CI
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  trigger-gitlab:
+    runs-on: ubuntu-latest
+    env:
+      IMAGEBUILDER_BOT_GITLAB_SSH_KEY: ${{ secrets.IMAGEBUILDER_BOT_GITLAB_SSH_KEY }}
+    steps:
+      - name: Install Dependencies
+        run: |
+          sudo apt install -y jq
+
+      - name: Clone repository
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Push to gitlab
+        run: |
+          mkdir -p ~/.ssh
+          echo "${IMAGEBUILDER_BOT_GITLAB_SSH_KEY}" > ~/.ssh/id_rsa
+          chmod 400 ~/.ssh/id_rsa
+          touch ~/.ssh/known_hosts
+          ssh-keyscan -t rsa gitlab.com >> ~/.ssh/known_hosts
+          git remote add ci git@gitlab.com:redhat/services/products/image-builder/ci/image-builder-frontend.git
+          git push -f ci
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 00000000..f6457f7d
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,34 @@
+stages:
+  - init
+  - test
+  - finish
+
+.terraform:
+  after_script:
+    - schutzbot/update_github_status.sh update
+  tags:
+    - terraform
+
+init:
+  stage: init
+  tags:
+    - shell
+  script:
+    - schutzbot/update_github_status.sh start
+
+SonarQube:
+  stage: test
+  extends: .terraform
+  script:
+    - schutzbot/sonarqube.sh
+  variables:
+    RUNNER: aws/centos-stream-8-x86_64
+    INTERNAL_NETWORK: "true"
+    GIT_DEPTH: 0
+
+finish:
+  stage: finish
+  tags:
+    - shell
+  script:
+    - schutzbot/update_github_status.sh finish
diff --git a/schutzbot/RH-IT-Root-CA.keystore b/schutzbot/RH-IT-Root-CA.keystore
new file mode 100644
index 00000000..f6a60adb
Binary files /dev/null and b/schutzbot/RH-IT-Root-CA.keystore differ
diff --git a/schutzbot/sonarqube.sh b/schutzbot/sonarqube.sh
new file mode 100755
index 00000000..24b631c9
--- /dev/null
+++ b/schutzbot/sonarqube.sh
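Review bot: The `Push to gitlab` step trusts whatever host key `ssh-keyscan -t rsa gitlab.com` returns at run time, so the force-push of `main` and the deploy key it authenticates with rest on an unverified first contact; pin GitLab's published host key instead, e.g. replace the `ssh-keyscan` line with a checked-in `known_hosts` entry, and leave `StrictHostKeyChecking` at its default so a mismatch fails the job. The key is also written with `echo "${IMAGEBUILDER_BOT_GITLAB_SSH_KEY}" > ~/.ssh/id_rsa` before `chmod 400`, so it briefly exists with umask-default permissions — `umask 077` as the first line of the step, or `install -m 600 /dev/null ~/.ssh/id_rsa` before the `echo`, closes that window. `actions/checkout@v3` is a mutable tag; a workflow that holds a private key should pin the action to a full commit SHA. The `Install Dependencies` step installs `jq`, which nothing in this workflow uses, so either drop the step or comment why it is needed.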
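Review bot: Only jobs that `extends: .terraform` get the `after_script` that reports a failure back to GitHub, so if `init` or `finish` itself fails (for example the status POST in `update_github_status.sh` erroring) the commit is left at `pending` with no terminal status; either give `init` and `finish` the same `after_script` or add a comment stating that only `test`-stage jobs report failures. The `SonarQube` job also relies on `KEYSTORE_PASS`, `SONAR_SCANNER_TOKEN` and `SCHUTZBOT_LOGIN`, none of which are declared here; a comment above the job such as `# needs protected, masked CI/CD variables: KEYSTORE_PASS, SONAR_SCANNER_TOKEN, SCHUTZBOT_LOGIN` would spare the next maintainer a hunt. The `.terraform` template name reads like an infrastructure job rather than a runner-tag template; that is style only.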
@@ -0,0 +1,30 @@
+#!/bin/bash
+
+set -euxo pipefail
+
+SONAR_SCANNER_CLI_VERSION=${SONAR_SCANNER_CLI_VERSION:-4.6.2.2472}
+
+export SONAR_SCANNER_OPTS="-Djavax.net.ssl.trustStore=schutzbot/RH-IT-Root-CA.keystore -Djavax.net.ssl.trustStorePassword=$KEYSTORE_PASS"
+sudo dnf install -y unzip nodejs
+curl "https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-$SONAR_SCANNER_CLI_VERSION-linux.zip" -o sonar-scanner-cli.zip
+unzip -q sonar-scanner-cli.zip
+
+SONAR_SCANNER_CMD="sonar-scanner-$SONAR_SCANNER_CLI_VERSION-linux/bin/sonar-scanner"
+SCANNER_OPTS="-Dsonar.projectKey=osbuild:image-builder-frontend -Dsonar.sources=. -Dsonar.host.url=https://sonarqube.corp.redhat.com -Dsonar.login=$SONAR_SCANNER_TOKEN"
+
+# add options for branch analysis if not running on main
+if [ "$CI_COMMIT_BRANCH" != "main" ];then
+    SCANNER_OPTS="$SCANNER_OPTS -Dsonar.pullrequest.branch=$CI_COMMIT_BRANCH -Dsonar.pullrequest.key=$CI_COMMIT_SHA -Dsonar.pullrequest.base=main"
+fi
+
+# run the sonar-scanner
+eval "$SONAR_SCANNER_CMD $SCANNER_OPTS"
+
+SONARQUBE_URL="https://sonarqube.corp.redhat.com/dashboard?id=osbuild%3Aimage-builder-frontend&pullRequest=$CI_COMMIT_SHA"
+# Report back to GitHub
+curl \
+    -u "${SCHUTZBOT_LOGIN}" \
+    -X POST \
+    -H "Accept: application/vnd.github.v3+json" \
+    "https://api.github.com/repos/RedHatInsights/image-builder-frontend/statuses/${CI_COMMIT_SHA}" \
+    -d '{"state":"success", "description": "SonarQube scan sent for analysis", "context": "SonarQube", "target_url": "'"${SONARQUBE_URL}"'"}'
diff --git a/schutzbot/terraform b/schutzbot/terraform
new file mode 100644
index 00000000..ed7c5613
--- /dev/null
+++ b/schutzbot/terraform
@@ -0,0 +1 @@
+75d786e792a7b58634689b24ac379678b444fa65
diff --git a/schutzbot/update_github_status.sh b/schutzbot/update_github_status.sh
new file mode 100755
index 00000000..4a0122da
--- /dev/null
+++ b/schutzbot/update_github_status.sh
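Review bot: `set -euxo pipefail` traces every expanded command into the job log, so `$KEYSTORE_PASS` (the `export SONAR_SCANNER_OPTS=` line), `$SONAR_SCANNER_TOKEN` (in `SCANNER_OPTS` and again at the `eval`) and `$SCHUTZBOT_LOGIN` (the final `curl -u`) all land in the GitLab log, where variable masking only catches values that satisfy the masking rules; change it to `set -euo pipefail` and, where the scanner release supports it, hand the token over via the `SONAR_TOKEN` environment variable instead of `-Dsonar.login`, which also keeps it out of the process list. The scanner download is neither `--fail`-checked nor checksum-verified, so an HTTP error page would be handed to `unzip` and a substituted archive would run with the token — `curl --fail ...` plus a `sha256sum -c` against a pinned digest of the 4.6.2.2472 zip before `unzip` covers both. `eval "$SONAR_SCANNER_CMD $SCANNER_OPTS"` re-parses `$CI_COMMIT_BRANCH` through the shell; building `SCANNER_OPTS` as a bash array and running `"$SONAR_SCANNER_CMD" "${SCANNER_OPTS[@]}"` removes the need for `eval`. With `set -u` the `[ "$CI_COMMIT_BRANCH" != "main" ]` test aborts on pipelines where that variable is unset (tag or merge-request pipelines); if that is intended, a comment saying so would help.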
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+if [[ $1 == "start" ]]; then
+    GITHUB_NEW_STATE="pending"
+    GITHUB_NEW_DESC="I'm currently testing this commit, be patient."
+elif [[ $1 == "finish" ]]; then
+    GITHUB_NEW_STATE="success"
+    GITHUB_NEW_DESC="I like this commit!"
+elif [[ $1 == "update" ]]; then
+    if [[ $CI_JOB_STATUS == "canceled" ]]; then
+        GITHUB_NEW_STATE="failure"
+        GITHUB_NEW_DESC="Someone told me to cancel this test run."
+    elif [[ $CI_JOB_STATUS == "failed" ]]; then
+        GITHUB_NEW_STATE="failure"
+        GITHUB_NEW_DESC="I'm sorry, something is odd about this commit."
+    else
+        exit 0
+    fi
+else
+    echo "unknown command"
+    exit 1
+fi
+
+curl \
+    -u "${SCHUTZBOT_LOGIN}" \
+    -X POST \
+    -H "Accept: application/vnd.github.v3+json" \
+    "https://api.github.com/repos/RedHatInsights/image-builder-frontend/statuses/${CI_COMMIT_SHA}" \
+    -d '{"state":"'"${GITHUB_NEW_STATE}"'", "description": "'"${GITHUB_NEW_DESC}"'", "context": "Schutzbot on GitLab", "target_url": "'"${CI_PIPELINE_URL}"'"}'
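Review bot: The final `curl` has no `--fail` and the script sets no `-e`, so a rejected status POST (bad credentials, rate limiting, an unknown SHA) exits 0 and the `init`/`finish` jobs pass while GitHub never receives the status; add `set -euo pipefail` after the shebang and change `curl \` to `curl --fail --silent --show-error \`. The `update` path maps `canceled` to `failure`, which the status API would also accept as `error`; whichever is intended deserves a comment, e.g. `# canceled runs are reported as failure so an unfinished test cannot satisfy the PR check`. The JSON body is spliced from shell strings — safe today because every `GITHUB_NEW_DESC` is a fixed literal, but a future description or a `CI_PIPELINE_URL` containing a double quote would produce invalid JSON, so a one-line comment that these values must stay JSON-safe (or building the body with `jq -n --arg`) would protect the next edit.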