diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml
new file mode 100644
index 0000000..2b5cd8c
--- /dev/null
+++ b/.github/dependabot.yaml
@@ -0,0 +1,16 @@
+version: 2
+updates:
+
+  # Maintain dependencies for GitHub Actions
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "sunday"
+
+  # Maintain dependencies for kotlin
+  - package-ecosystem: "maven"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "sunday"
diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml
new file mode 100644
index 0000000..6332f78
--- /dev/null
+++ b/.github/workflows/codeql.yaml
@@ -0,0 +1,22 @@
+name: Code scanning (CodeQL)
+
+on:
+  pull_request:
+    types: [ready_for_review, opened, reopened, synchronize]
+    branches:
+      - main
+  push:
+    branches:
+      - main
+  schedule:
+    - cron: '0 2 * * *'
+
+jobs:
+  codeql:
+    name: Run codeql scan
+    if: github.event.pull_request.draft == false
+    uses: Informasjonsforvaltning/workflows/.github/workflows/codeql.yaml@main
+    with:
+      language: java
+    secrets:
+      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/deploy-staging.yaml b/.github/workflows/deploy-staging.yaml
new file mode 100644
index 0000000..22f33ea
--- /dev/null
+++ b/.github/workflows/deploy-staging.yaml
@@ -0,0 +1,35 @@
+name: Deploy to staging
+
+on:
+  pull_request:
+    types: [ready_for_review, opened, reopened, synchronize]
+    branches:
+      - main
+
+jobs:
+  build-service-catalog:
+    name: Build when pull request is created
+    if: github.event.pull_request.draft == false
+    uses: Informasjonsforvaltning/workflows/.github/workflows/build-push.yaml@main
+    with:
+      app_name: service-catalog
+      environment: staging
+      java_version: '17'
+      coverage_file_path: ./target/site/jacoco/jacoco.xml
+    secrets:
+      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      GCP_SA_DIGDIR_FDK_GCR_KEY: ${{ secrets.GCP_SA_DIGDIR_FDK_GCR_KEY }}
+
+  deploy:
+    name: Deploy to staging environment
+    if: github.event.pull_request.draft == false
+    needs: [ build-service-catalog ]
+    uses: Informasjonsforvaltning/workflows/.github/workflows/kustomize-deploy.yaml@main
+    with:
+      app_name: service-catalog
+      environment: staging
+      cluster: digdir-fdk-dev
+    secrets:
+      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      DIGDIR_FDK_AUTODEPLOY: ${{ secrets.DIGDIR_FDK_DEV_AUTODEPLOY }}
+      SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
diff --git a/deploy/base/deployment-service-catalog.yaml b/deploy/base/deployment-service-catalog.yaml
new file mode 100644
index 0000000..b6d727a
--- /dev/null
+++ b/deploy/base/deployment-service-catalog.yaml
@@ -0,0 +1,46 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: service-catalog
+  labels:
+    app: service-catalog
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: service-catalog
+  strategy:
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        app: service-catalog
+      annotations:
+        prometheus.io/scrape: "false"
+    spec:
+      containers:
+        - name: service-catalog
+          image: service-catalog
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 8080
+          livenessProbe:
+            httpGet:
+              path: /actuator/health/liveness
+              port: 8080
+            initialDelaySeconds: 20
+            periodSeconds: 30
+            successThreshold: 1
+            failureThreshold: 5
+          readinessProbe:
+            httpGet:
+              path: /actuator/health/readiness
+              port: 8080
+            initialDelaySeconds: 20
+            periodSeconds: 30
+            successThreshold: 1
+            failureThreshold: 5
+          resources:
+            requests:
+              memory: 100Mi
\ No newline at end of file
diff --git a/deploy/base/kustomization.yaml b/deploy/base/kustomization.yaml
new file mode 100644
index 0000000..05d3030
--- /dev/null
+++ b/deploy/base/kustomization.yaml
@@ -0,0 +1,10 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - deployment-service-catalog.yaml
+  - service-service-catalog.yaml
+images:
+  - name: service-catalog
+    newName: eu.gcr.io/digdir-fdk-infra/service-catalog
+    newTag: $(GIT_COMMIT_SHA)
diff --git a/deploy/base/service-service-catalog.yaml b/deploy/base/service-service-catalog.yaml
new file mode 100644
index 0000000..c786175
--- /dev/null
+++ b/deploy/base/service-service-catalog.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: service-catalog
+spec:
+  selector:
+    app: service-catalog
+  ports:
+    - name: http
+      protocol: TCP
+      port: 8080
+      targetPort: 8080
+  type: NodePort
diff --git a/deploy/staging/ingress.yaml b/deploy/staging/ingress.yaml
new file mode 100644
index 0000000..27b4098
--- /dev/null
+++ b/deploy/staging/ingress.yaml
@@ -0,0 +1,18 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: service-catalog
+spec:
+  ingressClassName: nginx
+  rules:
+    - host: service-catalog.api.staging.fellesdatakatalog.digdir.no
+      http:
+        paths:
+          - backend:
+              service:
+                name: service-catalog
+                port:
+                  number: 8080
+            path: /
+            pathType: Prefix
diff --git a/deploy/staging/kustomization.yaml b/deploy/staging/kustomization.yaml
new file mode 100644
index 0000000..ed44016
--- /dev/null
+++ b/deploy/staging/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: staging
+resources:
+  - ../base
+  - ingress.yaml