diff --git a/.gitea/workflows/code-analysis.yml b/.gitea/workflows/code-analysis.yml
new file mode 100644
index 0000000..4606981
--- /dev/null
+++ b/.gitea/workflows/code-analysis.yml
@@ -0,0 +1,40 @@
+name: Code Analysis (JS/Vue)
+
+on:
+  pull_request:
+  push:
+    branches: [ main ]
+
+jobs:
+  analyze:
+    runs-on: gitea
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Show versions
+        run: |
+          node -v || true
+          npm -v || true
+
+      # Install
+      - name: Install dependencies
+        run: npm ci
+
+      # 1) Linting / Code-Qualität
+      - name: Lint
+        run: npm run lint
+
+      # Tests (optional aber sehr sinnvoll)
+      - name: Unit tests
+        run: npm test
+
+      # Optional: Build check (Vue/Vite/Nuxt)
+      - name: Build
+        run: npm run build --if-present
+
+      # 2) SAST / Security: Semgrep (ohne Docker, via pip)
+      - name: Semgrep (SAST)
+        run: |
+          python3 -m pip install --user --upgrade pip semgrep
+          ~/.local/bin/semgrep --config p/default --error
diff --git a/package.json b/package.json
index 9ee1acf..f047dda 100644
--- a/package.json
+++ b/package.json
@@ -12,7 +12,8 @@
     "start": "nuxt start --port 3100",
     "postinstall": "nuxt prepare",
     "test": "vitest run",
-    "test:watch": "vitest watch"
+    "test:watch": "vitest watch",
+    "lint": "eslint . --ext .js,.vue --fix"
   },
   "dependencies": {
     "@pinia/nuxt": "^0.11.2",
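Review bot: The Semgrep step installs whatever `semgrep` version pip resolves at run time and fetches the `p/default` ruleset from the registry on every run, so the SAST gate is neither reproducible nor protected against an upstream package or ruleset changing underneath it; pin the scanner, e.g. `python3 -m pip install --user --upgrade 'semgrep==<pinned version>'`, and record which ruleset revision the project accepts. The same applies to `actions/checkout@v4`, a mutable tag rather than a commit SHA — pinning to a full SHA with the tag in a trailing comment is the usual supply-chain hardening, assuming the Gitea instance resolves that action from a mirror where the SHA is stable. Because the workflow also triggers on `pull_request`, `npm ci` (which runs the `postinstall` script) and the lint/test/build steps execute code from the PR branch with the runner's credentials; if this Gitea instance accepts pull requests from forks, that is untrusted code execution on the runner, so confirm the runner's PR trust policy or restrict the trigger.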
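Review bot: The new `lint` script passes `--fix`, which rewrites files in place and then reports only what it could not fix, so when CI calls `npm run lint` auto-fixable findings are silently masked (exit 0) and the checkout is left dirty rather than the job failing. Split it into a read-only check and an explicit fixer, `"lint": "eslint . --ext .js,.vue"` and `"lint:fix": "eslint . --ext .js,.vue --fix"`, so the workflow step fails on any finding. Note also that `--ext` is only honored by the legacy eslintrc configuration; if the project uses ESLint flat config (v9 or later) the flag is rejected or ignored — the ESLint version is not visible in this hunk, so confirm against the installed one.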