diff --git a/bucket/codeql.json b/bucket/codeql.json
new file mode 100644
index 0000000000..ba54524775
--- /dev/null
+++ b/bucket/codeql.json
@@ -0,0 +1,25 @@
+{
+    "version": "2.10.1",
+    "description": "Source code security analyzer from GitHub",
+    "homepage": "https://github.com/github/codeql-cli-binaries",
+    "license": {
+        "identifier": "Proprietary",
+        "url": "https://github.com/github/codeql-cli-binaries/blob/main/LICENSE.md"
+    },
+    "architecture": {
+        "64bit": {
+            "url": "https://github.com/github/codeql-cli-binaries/releases/download/v2.10.1/codeql-win64.zip",
+            "hash": "9decdb563ac4debc52c0e9b7b85202f5fe3d24f29958def5f77c92b0166748a0",
+            "extract_dir": "codeql"
+        }
+    },
+    "bin": "codeql.exe",
+    "checkver": "github",
+    "autoupdate": {
+        "architecture": {
+            "64bit": {
+                "url": "https://github.com/github/codeql-cli-binaries/releases/download/v$version/codeql-win64.zip"
+            }
+        }
+    }
+}