diff --git a/Jenkinsfile b/Jenkinsfile
new file mode 100644
index 0000000..749ff95
--- /dev/null
+++ b/Jenkinsfile
@@ -0,0 +1,78 @@
+pipeline {
+  agent any
+
+  environment {
+    // Non‑secret config injected from Jenkins Credentials (Secret Text)
+    AWS_REGION     = credentials('AWS_REGION')
+    AWS_ACCOUNT_ID = credentials('AWS_ACCOUNT_ID')
+    CODEART_DOMAIN = credentials('CODEART_DOMAIN')
+    CODEART_REPO   = credentials('CODEART_REPO')
+  }
+
+  stages {
+    stage('Checkout') {
+      steps {
+        checkout scm
+      }
+    }
+
+    stage('Authenticate & Configure') {
+      steps {
+        // Use AWS Credentials Plugin to pick up your IAM user keys
+        withAWS(credentials: 'jenkins-codeartifact', region: "${AWS_REGION}") {
+          script {
+            // Fetch a short‑lived CodeArtifact token
+            env.CODEART_TOKEN = sh(
+              script: """
+                aws codeartifact get-authorization-token \\
+                  --domain ${CODEART_DOMAIN} \\
+                  --domain-owner ${AWS_ACCOUNT_ID} \\
+                  --query authorizationToken --output text
+              """, returnStdout: true
+            ).trim()
+          }
+          // Point pip and twine at your CodeArtifact repo
+          sh '''
+            pip config set global.index-url \
+"https://aws:${CODEART_TOKEN}@${CODEART_DOMAIN}-${AWS_ACCOUNT_ID}.d.codeartifact.${AWS_REGION}.amazonaws.com/pypi/${CODEART_REPO}/simple/"
+            cat > ~/.pypirc <<EOF
+            [distutils]
+            index-servers = codeartifact
+
+            [codeartifact]
+            repository = https://${CODEART_DOMAIN}-${AWS_ACCOUNT_ID}.d.codeartifact.${AWS_REGION}.amazonaws.com/pypi/${CODEART_REPO}/
+            username = aws
+            password = ${CODEART_TOKEN}
+EOF
+          '''
+        }
+      }
+    }
+
+    stage('Build & Publish') {
+      steps {
+        sh '''
+          python3 -m pip install --upgrade setuptools wheel twine
+          python3 setup.py sdist bdist_wheel
+          twine upload --repository codeartifact dist/*
+        '''
+      }
+    }
+
+    stage('Trivy Scan') {
+      steps {
+        // Runs Trivy as a Docker container against your workspace
+        sh 'docker run --rm -v ${WORKSPACE}:/project aquasec/trivy:latest fs --severity HIGH,CRITICAL --exit-code 1 /project'
+      }
+    }
+  }
+
+  post {
+    success {
+      echo '✅ Build succeeded and package published to CodeArtifact.'
+    }
+    failure {
+      echo '❌ Build failed — check the console output for errors.'
+    }
+  }
+}