diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml
new file mode 100644
index 0000000000..62991db35f
--- /dev/null
+++ b/.github/workflows/govulncheck.yml
@@ -0,0 +1,38 @@
+name: Nightly govulncheck
+on:
+ push:
+ branches:
+ - main
+ schedule:
+ - cron: '00 00 * * *'
+jobs:
+ govulncheck-tests:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ with:
+ repository: 'DataDog/dd-trace-go'
+ - name: Checkout Go
+ uses: actions/setup-go@v3
+ with:
+ go-version: '1.18'
+ - name: Install govulncheck
+ run: |
+ go install golang.org/x/vuln/cmd/govulncheck@latest
+ - name: Comment results
+ id: results
+ run: |
+ function check_results {
+ results=$(govulncheck $path | grep -Eo '\w+-\d+-\d+' | uniq)
+ num=$(echo $results | wc -l)
+ if [ $num -gt 0 ]; then
+ echo "Found $num vulnerabilities in $path. Run 'govulncheck $path' to find out more" >> $GITHUB_STEP_SUMMARY
+ echo "Found $num vulnerabilities in $path. Run 'govulncheck $path' to find out more"
+ found=$(( found | 1))
+ fi
+ }
+ path=./ddtrace/... check_results
+ path=./appsec/... check_results
+ path=./internal/... check_results
+ path=./profiler/... check_results
+ exit $found
\ No newline at end of file
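Review bot: In `check_results` of the "Comment results" step, `num=$(echo $results | wc -l)` always yields 1: the unquoted expansion joins all IDs onto a single line, and when `results` is empty `echo` still emits a newline, so every package is reported as having one vulnerability and the job fails even on a clean scan. Count non-empty lines instead, e.g. `num=$(printf '%s\n' "$results" | grep -c .)`, and initialise `found=0` before the four calls so `exit $found` has a value when nothing is found rather than falling back to the last command's status. The extraction pattern `'\w+-\d+-\d+'` also looks unreliable under GNU grep -E, which does not treat `\d` as a digit class; `grep -Eo '[A-Z]+-[0-9]+-[0-9]+' | sort -u` would match the GO-YYYY-NNNN identifiers and deduplicate non-adjacent repeats, which `uniq` alone does not. Since this scan gates the build, `govulncheck@latest` and the mutable `@v3` action tags mean a nightly run is not reproducible; pinning the tool to a version and the actions to a commit SHA would make a reported result attributable to a known scanner build.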