diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
deleted file mode 100644
index 06c5b35..0000000
--- a/.github/workflows/codeql.yml
+++ /dev/null
@@ -1,41 +0,0 @@
-name: CodeQL
-
-on:
- push:
- branches: [main, master]
- pull_request:
- branches: [main, master]
- schedule:
- - cron: "27 4 * * 1" # weekly, Monday 04:27 UTC
-
-concurrency:
- group: codeql-${{ github.ref }}
- cancel-in-progress: true
-
-jobs:
- analyze:
- runs-on: ubuntu-latest
- # Dependabot PRs run with a read-only token (security-events: write and
- # packages: read are denied), so CodeQL upload + mirror-api resolution
- # fail. Merged code is still scanned via the push + schedule triggers.
- if: github.actor != 'dependabot[bot]'
- permissions:
- contents: read
- security-events: write
- steps:
- - uses: actions/checkout@v7
-
- # build-mode: none extracts source without compiling. Avoids CodeQL's
- # Kotlin extractor, which only supports Kotlin < 2.3.30 (this project is
- # on 2.4.0) and otherwise fails compileKotlin with KotlinVersionTooRecent.
- # No build means no mirror-api resolution, so packages: read is unneeded.
- - name: Initialize CodeQL
- uses: github/codeql-action/init@v4
- with:
- languages: java-kotlin
- build-mode: none
-
- - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v4
- with:
- category: "/language:java-kotlin"