diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
new file mode 100644
index 000000000..6209c5246
--- /dev/null
+++ b/.github/workflows/build.yaml
@@ -0,0 +1,104 @@
+name: Build
+on:
+ push:
+ branches:
+ - master
+ pull_request:
+ types:
+ - opened
+ - reopened
+ - synchronize
+
+jobs:
+ scanner-build:
+ runs-on: ubuntu-latest
+ container:
+ image: quay.io/stackrox-io/apollo-ci:scanner-test-0.3.61
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ ref: ${{ github.event.pull_request.head.sha }}
+ - name: genesis-dump
+ run: |
+ #!/usr/bin/env bash
+
+ set -euo pipefail
+
+ info() { echo "INFO: $(date): $*" }
+
+ generate_genesis_dump() {
+ info "Building updater"
+ make build-updater
+
+ info "Generating genesis dump"
+ mkdir -p /tmp/genesis-dump
+ bin/updater generate-dump --out-file /tmp/genesis-dump/genesis-dump.zip
+ ls -lrt /tmp/genesis-dump
+
+ info "Printing some stats"
+ bin/updater print-stats /tmp/genesis-dump/genesis-dump.zip
+
+ info "Extracting dumps"
+ mkdir -p /tmp/vuln-dump
+ zip /tmp/genesis-dump/genesis-dump.zip 'nvd/*' --copy --out /tmp/vuln-dump/nvd-definitions.zip
+ zip /tmp/genesis-dump/genesis-dump.zip 'k8s/*' --copy --out /tmp/vuln-dump/k8s-definitions.zip
+ zip /tmp/genesis-dump/genesis-dump.zip 'istio/*' --copy --out /tmp/vuln-dump/istio-definitions.zip
+ zip /tmp/genesis-dump/genesis-dump.zip 'rhelv2/repository-to-cpe.json' --copy --out /tmp/vuln-dump/repo2cpe.zip
+ }
+
+ generate_genesis_dump
+ - name: build-bundle
+ run: |
+ #!/usr/bin/env bash
+
+ set -euo pipefail
+
+ info() { echo "INFO: $(date): $*" }
+
+ cleanup_image() {
+ info "Reducing the image size"
+
+ set +e
+ rm -rf /go/{bin,pkg}
+ rm -rf /root/{.cache,.npm}
+ rm -rf /usr/local/share/.cache
+ rm -rf .git
+ rm -rf image/scanner/bin"
+ rm -rf image/scanner/rhel/THIRD_PARTY_NOTICES"
+ set -e
+ }
+
+ get_genesis_dump() {
+ info "Retrieving Genesis dump"
+
+ ls -lrt /tmp/vuln-dump || info "No local genesis dump"
+
+ unzip -d image/scanner/dump /tmp/vuln-dump/nvd-definitions.zip
+ unzip -d image/scanner/dump /tmp/vuln-dump/k8s-definitions.zip
+ unzip -d image/scanner/dump /tmp/vuln-dump/repo2cpe.zip
+ unzip -d image/scanner/dump /tmp/vuln-dump/istio-definitions.zip
+ }
+
+ build_bundle() {
+ # avoid a -dirty tag
+ info "Reset to remove Dockerfile modification by OpenShift CI"
+ git restore .
+ git status
+
+ info "Building Scanner binary"
+ make scanner-build-nodeps
+
+ info "Making THIRD_PARTY_NOTICES"
+ make ossls-notice
+
+ get_genesis_dump
+
+ info "Creating Scanner bundle"
+ image/scanner/rhel/create-bundle.sh image/scanner image/scanner/rhel
+
+ cleanup_image
+ }
+
+ build_bundle
\ No newline at end of file
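Review bot: Both `run` scripts define `info() { echo "INFO: $(date): $*" }` with no `;` before the closing brace, so bash reads `}` as an argument to echo and never closes the function body; the line should be `info() { echo "INFO: $(date): $*"; }`. In the build-bundle step, `rm -rf image/scanner/bin"` and `rm -rf image/scanner/rhel/THIRD_PARTY_NOTICES"` carry a stray trailing double quote that leaves an unterminated string, so the step fails to parse before `set -euo pipefail` can do anything; drop the two trailing quotes. Separately, `ls -lrt /tmp/vuln-dump || info "No local genesis dump"` only logs when the dump is missing and the following `unzip` calls then abort under `set -e`, so the fallback message is misleading; either fail loudly up front with a clear message or add a comment stating that the genesis-dump step is a hard prerequisite of build-bundle.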