diff --git a/DevSecOps/azure-pipelines-checkov.yaml b/DevSecOps/azure-pipelines-checkov.yaml
new file mode 100644
index 0000000..274a5cc
--- /dev/null
+++ b/DevSecOps/azure-pipelines-checkov.yaml
@@ -0,0 +1,79 @@
+trigger:
+  branches:
+    include:
+      - master       
+
+pool:
+  vmImage: 'ubuntu-latest'
+
+stages:
+- stage: Checkov_Scan
+  jobs:
+  - job: Checkov_Scan
+    steps:
+    - task: UsePythonVersion@0
+      inputs:
+        versionSpec: '3.x'
+        architecture: 'x64'
+    - script: |
+        pip install --quiet checkov && pip install --quiet --upgrade checkov
+        export CKV_OPENAI_MAX_FINDINGS="0"
+        mkdir -p "$(Build.ArtifactStagingDirectory)/vulns"
+        checkov -d . --quiet \
+                --output cli \
+                --output csv \
+                --output-file-path "$(Build.ArtifactStagingDirectory)/vulns/" \
+                --enable-secret-scan-all-files \
+                --deep-analysis \
+                --create-baseline \
+                --run-all-external-checks \
+                --external-checks-dir devsecops/checkov/cloudformation/checks/resource/aws/ \
+                --include-all-checkov-policies \
+                --framework cloudformation \
+                --openai-api-key "$oai" \
+                --summary-position bottom \
+                --no-fail-on-crash \
+                || true
+      displayName: 'Run Checkov Scan'
+      env:
+        oai: $(oai)
+    - task: PublishPipelineArtifact@1
+      inputs:
+        targetPath: '$(Build.ArtifactStagingDirectory)/vulns'
+        artifact: 'checkov-results'
+
+- stage: Checkov_Scan_Soft_Fail
+  jobs:
+  - job: Checkov_Scan_Soft_Fail
+    steps:
+    - task: UsePythonVersion@0
+      inputs:
+        versionSpec: '3.x'
+        architecture: 'x64'
+    - script: |
+        pip install --quiet checkov && pip install --quiet --upgrade checkov
+        export CKV_OPENAI_MAX_FINDINGS="0"
+        mkdir -p "$(Build.ArtifactStagingDirectory)/vulns"
+        checkov -d . --quiet \
+                --output cli \
+                --output csv \
+                --output-file-path "$(Build.ArtifactStagingDirectory)/vulns/" \
+                --enable-secret-scan-all-files \
+                --deep-analysis \
+                --create-baseline \
+                --run-all-external-checks \
+                --external-checks-dir devsecops/checkov/cloudformation/checks/resource/aws/ \
+                --include-all-checkov-policies \
+                --framework cloudformation \
+                --openai-api-key "$oai" \
+                --summary-position bottom \
+                --no-fail-on-crash \
+                --soft-fail \
+                || true
+      displayName: 'Run Checkov Scan (Soft Fail)'
+      env:
+        oai: $(oai)
+    - task: PublishPipelineArtifact@1
+      inputs:
+        targetPath: '$(Build.ArtifactStagingDirectory)/vulns'
+        artifact: 'checkov-results-soft-fail'