diff --git a/azure-pipelines-static-analysis.yml b/azure-pipelines-static-analysis.yml
new file mode 100644
index 0000000000..a98aea8c8c
--- /dev/null
+++ b/azure-pipelines-static-analysis.yml
@@ -0,0 +1,33 @@
+
+# Run this job every night at midnight on the main branch
+schedules:
+- cron: "0 0 * * *"
+ displayName: Nightly static analysis build
+ branches:
+ include:
+ - main
+
+# Semmle task only works on Windows
+pool:
+ vmImage: 'windows-latest'
+
+variables:
+ # Upload static analysis snapshot to LGTM
+ LGTM.UploadSnapshot: true
+
+jobs:
+- job: static
+ displayName: 'Static Analysis (CodeQL & LGTM)'
+ steps:
+ - task: Semmle@0
+ env:
+ SYSTEM_ACCESSTOKEN: $(LGTM_READ_TOKEN)
+ inputs:
+ toolVersion: 'LatestPreRelease'
+ sourceCodeDirectory: '$(Build.SourcesDirectory)\Composer'
+ language: 'tsandjs'
+ includeNodeModules: true
+ querySuite: 'Recommended'
+ timeout: '1800'
+ ram: '16384'
+ addProjectDirToScanningExclusionList: true
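Review bot: The file declares `schedules` but no `trigger` or `pr` key, so Azure Pipelines falls back to its default CI trigger on every branch and, for GitHub-hosted repositories, a default PR trigger as well. Unless triggers are overridden in the pipeline settings, this job, which maps `LGTM_READ_TOKEN` into the task environment and has snapshot upload enabled, would run on far more than the nightly `main` build the opening comment describes. Adding `trigger: none` and `pr: none` above `schedules:` would make the YAML match that comment. Separately, `toolVersion: 'LatestPreRelease'` lets the analyzer that runs with that token change without any commit to this repository; pinning a released version, or adding a comment on why pre-release is required, would keep nightly results reproducible. It is also worth confirming that a token named as read-only has exactly the scope that `LGTM.UploadSnapshot: true` needs and nothing broader.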