diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index eaa9599..3ef873f 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -14,11 +14,10 @@ name: "CodeQL"
 on:
 push:
 branches: [ "main", "master" ]
- pull_request:
- # The branches below must be a subset of the branches above
- branches: [ "main", "master" ]
 schedule:
- - cron: '28 21 * * 0'
+ - cron: '0 0 * * *'
+ pull_request:
+ branches: '*'
 
 jobs:
 analyze:
@@ -103,21 +102,25 @@ jobs:
 -**:cpp/suspicious-pointer-scaling
 -**:cpp/suspicious-pointer-scaling-void
 -**:cpp/unsigned-comparison-zero
- -**/third*party/**
- -**/3rd*party/**
- -**/external/**
+ -**/cmake*/Modules/**
 input: ${{ steps.step1.outputs.sarif-output }}/cpp.sarif
 output: ${{ steps.step1.outputs.sarif-output }}/cpp.sarif
 
- - name: Upload SARIF
+ - name: Upload CodeQL results to code scanning
 uses: github/codeql-action/upload-sarif@v2
 with:
 sarif_file: ${{ steps.step1.outputs.sarif-output }}
 category: "/language:${{matrix.language}}"
 
- - name: Archive CodeQL results
+ - name: Upload CodeQL results as an artifact
+ if: success() || failure()
 uses: actions/upload-artifact@v3
 with:
 name: codeql-results
 path: ${{ steps.step1.outputs.sarif-output }}
- retention-days: 5
\ No newline at end of file
+ retention-days: 5
+
+ - name: Fail if an error is found
+ run: |
+ ./.github/workflows/fail_on_error.py \
+ ${{ steps.step1.outputs.sarif-output }}/cpp.sarif
diff --git a/.github/workflows/fail_on_error.py b/.github/workflows/fail_on_error.py
new file mode 100755
index 0000000..2979174
--- /dev/null
+++ b/.github/workflows/fail_on_error.py
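Review bot: `branches: '*'` on the new `pull_request` trigger filters on the pull request's base branch, and a single `*` glob does not match `/`, so PRs targeting a base such as `release/1.x` would not be analyzed. If the intent is every PR, either drop the `branches` filter entirely or use the documented list form with the recursive glob, `branches: [ '**' ]`. The removed comment about `pull_request` branches being a subset of the `push` branches is there because code scanning likely needs a baseline analysis of the base branch to diff PR results against; a one-line comment stating why all bases are now included would help the next reader.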
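Review bot: The new `Fail if an error is found` step is hardcoded to `cpp.sarif`, while the upload category is keyed on `${{matrix.language}}`; if the matrix (defined outside this hunk) ever lists more than one language, only the C/C++ results would gate the job. Deriving the file name from the matrix, `${{ steps.step1.outputs.sarif-output }}/${{ matrix.language }}.sarif`, keeps the gate in step with the analysis. Dropping the `third*party`/`3rd*party`/`external` exclusions also means findings in any vendored code now count toward that gate, which may be intended but deserves a comment above the filter list. Interpolating `${{ }}` directly into `run:` is acceptable for this action-produced path, but the conventional hardening is to bind it under `env:` and reference `"$SARIF_DIR"` in the script.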
@@ -0,0 +1,34 @@
+#!/usr/bin/env python3
+
+import json
+import sys
+
+# Return whether SARIF file contains error-level results
+def codeql_sarif_contain_error(filename):
+ with open(filename, 'r') as f:
+ s = json.load(f)
+
+ for run in s.get('runs', []):
+ rules_metadata = run['tool']['driver']['rules']
+ if not rules_metadata:
+ rules_metadata = run['tool']['extensions'][0]['rules']
+
+ for res in run.get('results', []):
+ if 'ruleIndex' in res:
+ rule_index = res['ruleIndex']
+ elif 'rule' in res and 'index' in res['rule']:
+ rule_index = res['rule']['index']
+ else:
+ continue
+ try:
+ rule_level = rules_metadata[rule_index]['defaultConfiguration']['level']
+ except IndexError as e:
+ print(e, rule_index, len(rules_metadata))
+ else:
+ if rule_level == 'error':
+ return True
+ return False
+
+if __name__ == "__main__":
+ if codeql_sarif_contain_error(sys.argv[1]):
+ sys.exit(1)
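Review bot: `codeql_sarif_contain_error` reads only the rule's `defaultConfiguration.level` and ignores the result's own `level`, so a finding CodeQL reports at `error` under a rule whose default is `warning` does not fail the job; per SARIF 2.1.0 a result's `level`, when present, overrides the rule default. The `except IndexError` branch prints and moves on, so an unresolvable rule index makes the gate fail open, and `run['tool']['driver']['rules']` raises `KeyError` when the key is absent instead of reaching the `extensions` fallback. The rewrite below checks `res.get('level')` first, uses `.get('rules')`, writes the diagnostic to stderr and treats an unresolvable rule as a failure; `sys.argv[1]` is also unchecked, so a missing argument gives an `IndexError` traceback rather than a usage message. Opening the file with `encoding='utf-8'` would match the SARIF spec rather than the runner's locale default.
```python
    for run in s.get('runs', []):
        rules_metadata = run['tool']['driver'].get('rules') or run['tool']['extensions'][0]['rules']

        for res in run.get('results', []):
            # A result's own 'level' takes precedence over the rule's default (SARIF 2.1.0).
            level = res.get('level')
            if level is None:
                # … unchanged: resolve rule_index from 'ruleIndex' / 'rule.index', else continue …
                try:
                    level = rules_metadata[rule_index]['defaultConfiguration']['level']
                except (IndexError, KeyError) as e:
                    # Fail closed: a result whose rule cannot be resolved must not pass the gate.
                    print('cannot resolve rule', rule_index, len(rules_metadata), e, file=sys.stderr)
                    return True
            if level == 'error':
                return True
    return False
```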