diff --git a/.github/actions/spelling/excludes.txt b/.github/actions/spelling/excludes.txt
index 6981bc4e..e26cca5b 100644
--- a/.github/actions/spelling/excludes.txt
+++ b/.github/actions/spelling/excludes.txt
@@ -1,7 +1,10 @@
-^\.github/actions/spelling/
-^\.github/FUNDING\.yml
-^\.travis\.yml$
 \.def$
+^AUTHORS$
+^\.github/FUNDING\.yml$
+^\.github/actions/spelling/
+^\.github/workflows/ci\.yml$
+^\.github/workflows/coverity\.yml$
+^\.github/workflows/doxygen-github-pages\.yml$
+^\.gitignore$
+^\.travis\.yml$
 ^packages/buildroot/
-^\.gitignore
-^AUTHORS
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 97bf88e6..18107918 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -3,6 +3,8 @@ name: CI
 on:
   pull_request:
   push:
+    branches-ignore:
+    - coverity_scan
     paths-ignore:
     - '.circleci/**'
     - '.github/actions/spelling/**'
diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
new file mode 100644
index 00000000..de8cc1bc
--- /dev/null
+++ b/.github/workflows/coverity.yml
@@ -0,0 +1,55 @@
+name: Coverity
+
+on:
+  push:
+    branches: coverity_scan
+    paths-ignore:
+    - '.circleci/**'
+    - '.github/actions/spelling/**'
+    - 'docs/**'
+    - 'packages**'
+    - .cirrus.yml
+    - .clang-format
+    - .gitignore
+    - .travis.yml
+    - AUTHORS
+    - COPYRIGHT
+    - ChangeLog.md
+    - LICENSE
+    - README.md
+    - appveyor.yml
+
+env:
+  COVERITY_SCAN_PROJECT_NAME: 'ReOpen/libmdbx'
+  COVERITY_SCAN_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
+  COVERITY_SCAN_BUILD_COMMAND: 'make MDBX_OPTIONS=-DMDBX_DEBUG=2 CXXSTD=-std=gnu++17 build-test'
+  COVERITY_SCAN_NOTIFICATION_EMAIL: 'leo@yuriev.ru'
+  COVERITY_UNSUPPORTED_COMPILER_INVOCATION: 1
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - name: fetch tags
+      run: git fetch --unshallow --tags --prune --force
+    - name: Download Coverity Build Tool
+      run: |
+        wget -q https://scan.coverity.com/download/cxx/linux64 --post-data "token=$COVERITY_SCAN_TOKEN&project=$COVERITY_SCAN_PROJECT_NAME" -O cov-analysis-linux64.tar.gz
+        mkdir cov-analysis-linux64
+        tar xzf cov-analysis-linux64.tar.gz --strip 1 -C cov-analysis-linux64
+    - name: Build with cov-build
+      run: |
+        export PATH=`pwd`/cov-analysis-linux64/bin:$PATH
+        cov-build --dir cov-int $COVERITY_SCAN_BUILD_COMMAND
+    - name: Submit the result to Coverity Scan
+      run: |
+        tar czvf libmdbx.tgz cov-int
+        curl \
+          --form project=$COVERITY_SCAN_PROJECT_NAME \
+          --form token=$COVERITY_SCAN_TOKEN \
+          --form email=$COVERITY_SCAN_NOTIFICATION_EMAIL \
+          --form file=@libmdbx.tgz \
+          --form version=$GITHUB_SHA \
+          --form description="GithubActionCI $GITHUB_ACTION" \
+            https://scan.coverity.com/builds?project=$COVERITY_SCAN_PROJECT_NAME