diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index 50b16c35368..dd8fd9d1db9 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -6,3 +6,4 @@
 # These owners will be the default owners for everything in
 # the repo, unless a later match takes precedence.
 * @iTwin/itwinui
+/scripts/zip-for-veracode.mjs @ben-polinsky
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 295ca2bc6cc..41e8cd20325 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -367,3 +367,50 @@ jobs:
 name: e2e-report
 path: testing/e2e/playwright-report/
 retention-days: 30
+
+ veracode:
+ name: Zip and Upload files to Veracode
+ runs-on: ubuntu-latest
+ if: github.ref == 'refs/heads/main'
+
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Zip files for veracode
+ shell: bash
+ run: |
+ sourceDirs=("apps" "packages")
+ outputFile="itwui-veracode.zip"
+
+ excludedPaths=(
+ ".git/*"
+ "**/backstop/*"
+ "**/cypress*/*"
+ )
+
+ zipCommand="zip -r $outputFile"
+
+ for dir in "${sourceDirs[@]}"; do
+ zipCommand+=" $dir"
+ done
+
+ for path in "${excludedPaths[@]}"; do
+ zipCommand+=" -x \"$path\""
+ done
+
+ eval $zipCommand
+
+ if [[ $? -eq 0 ]]; then
+ echo "Zip file created successfully"
+ else
+ echo "An error occurred while creating the zip file"
+ exit 1
+ fi
+
+ - name: Upload & scan
+ uses: veracode/veracode-uploadandscan-action@0.2.6
+ with:
+ appname: 'iTwinUI - UX (ITWUI - 3418)'
+ filepath: 'itwui-veracode.zip'
+ vid: ${{ secrets.VERACODE_ID }}
+ vkey: ${{ secrets.VERACODE_SECRET_KEY }}
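Review bot: The new `/scripts/zip-for-veracode.mjs` entry names a file that the visible part of this diff neither adds nor calls; the veracode job in `build.yml` builds the archive with inline bash instead. If the script was dropped in favour of the inline step, the entry is dead and can be removed. If the file does exist, the last matching pattern wins in CODEOWNERS, so this line replaces `@iTwin/itwinui` with a single individual as the requested reviewer for the code that decides what is sent to the scanner. `/scripts/zip-for-veracode.mjs @iTwin/itwinui @ben-polinsky` would keep the team on it.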
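Review bot: The `Upload & scan` step hands `VERACODE_ID` and `VERACODE_SECRET_KEY` to `veracode/veracode-uploadandscan-action@0.2.6`, which is referenced by a tag that can be moved, so the code receiving the credentials is not fixed; pinning it to the full commit SHA with the version in a trailing comment closes that. The job also declares no `permissions:`, and `actions/checkout@v4` leaves the token in the local git config by default; unless the workflow already restricts this at top level (not visible in this hunk), `contents: read` and `persist-credentials: false` fit a job that only reads the tree. In the zip step, `eval $zipCommand` re-parses a string built by concatenation, and the unquoted expansion is word-split and globbed before that; the arrays can be passed to `zip` directly. The `$?` branch after it is likely unreachable on failure, because GitHub runs `shell: bash` with `-e`. The SHA in the fence is a placeholder to be filled in.

```yaml
  veracode:
    # … unchanged: name, runs-on, if …
    permissions:
      contents: read

    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false

      # … unchanged: "Zip files for veracode" step name and shell …
        run: |
          # … unchanged: sourceDirs, outputFile and excludedPaths assignments …
          zip -r "$outputFile" "${sourceDirs[@]}" -x "${excludedPaths[@]}"

      - name: Upload & scan
        # placeholder: the full commit SHA that tag 0.2.6 points to
        uses: veracode/veracode-uploadandscan-action@<FULL_COMMIT_SHA> # 0.2.6
        # … unchanged: with (appname, filepath, vid, vkey) …
```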