diff --git a/.gitlab-ci-files/common-prepare.yml b/.gitlab-ci-files/common-prepare.yml
new file mode 100644
index 00000000..14567f16
--- /dev/null
+++ b/.gitlab-ci-files/common-prepare.yml
@@ -0,0 +1,34 @@
+.ensure_docker: &ensure_docker
+  # Check for docker and install if missing
+  - 'which docker || ( sudo apt-get update -y && sudo apt-get install docker.io -y )'
+
+.ensure_rsync: &ensure_rsync
+  # Install rsync and deps if missing
+  - 'which ssh-agent || ( sudo apt-get update -y && sudo apt-get install openssh-client -y )'
+  - 'which rsync || ( sudo apt-get update -y && sudo apt-get install rsync -y )'
+  - 'which make || ( sudo apt-get update -y && sudo apt-get install make -y )'
+
+.enable_insecure_docker_registries: &enable_insecure_docker_registries
+  # Enable "insecure" docker registries
+  - |
+      cat <<EOD > /tmp/docker-daemon.json
+      {
+                "insecure-registries" : ["${DOCKER_REGISTRY_HOST}"]
+      }
+      EOD
+  - sudo cp /tmp/docker-daemon.json /etc/docker/daemon.json
+  - sudo systemctl restart docker.service
+
+.standard_job:
+  tags: [kvm]
+  before_script:
+    - *ensure_docker
+    - *ensure_rsync
+    - *enable_insecure_docker_registries
+
+.make_in_docker:
+  extends: .standard_job
+  script:
+    - docker login -u ${DOCKER_REGISTRY_USER} -p ${DOCKER_REGISTRY_PASS} ${DOCKER_REGISTRY_HOST}
+    - cd scripts/${CI_DISTRO_TARGET}
+    - make
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 00000000..4dc84594
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,27 @@
+include:
+  - '.gitlab-ci-files/common-prepare.yml'
+
+stages:
+  - build
+
+
+# Debian
+
+debian10:build:
+  extends: .make_in_docker
+  stage: build
+  variables:
+    CI_DISTRO_TARGET: "debian10"
+    DEBIAN_FRONTEND: "noninteractive"
+  rules:
+    - if: '$CI_COMMIT_TAG  !~ /^Release_[0-9]+\.[0-9]+\.[0-9]+$/'
+
+debian10:tagged-build:
+  extends: .make_in_docker
+  stage: build
+  variables:
+    CI_DISTRO_TARGET: "debian10"
+    DEBIAN_FRONTEND: "noninteractive"
+    TAGGED_BUILD: "true"
+  rules:
+    - if: '$CI_COMMIT_TAG  =~ /^Release_[0-9]+\.[0-9]+\.[0-9]+$/'
diff --git a/DEPENDENCIES b/DEPENDENCIES
new file mode 100644
index 00000000..9970c4ce
--- /dev/null
+++ b/DEPENDENCIES
@@ -0,0 +1,4 @@
+# 1st Party Dependencies
+## Prefer git tags instead of SHA hashes when possible.
+
+sequoia=365d00a08bec6a5a48d48a7c7893d78c27092b59
diff --git a/scripts/debian10/Makefile b/scripts/debian10/Makefile
new file mode 100644
index 00000000..b0abdb0a
--- /dev/null
+++ b/scripts/debian10/Makefile
@@ -0,0 +1,27 @@
+include ../../DEPENDENCIES
+export
+PEP_MACHINE_DIR= $(PKG_INSTALL_PATH)/share/pEp
+SEQUOIA_VERSION=${sequoia}
+CURRENT_DISTRO=$(shell basename $(shell pwd))
+IMAGE_NAME=${DOCKER_REGISTRY_HOST}/pep-$(CURRENT_DISTRO)-engine
+DOCKERFILE=pEpEngine.$(CURRENT_DISTRO).Dockerfile
+IS_TAGGED=${TAGGED_BUILD}
+ifeq ($(IS_TAGGED), true)
+# $CI_COMMIT_TAG is a predefined environment variable from Gitlab
+	PEPENGINE_VERSION=${CI_COMMIT_TAG}
+else
+	PEPENGINE_VERSION=$(shell git rev-parse --short=8 HEAD)
+endif
+all:
+	-docker pull $(IMAGE_NAME):latest
+	cd ../../ && docker build --build-arg CURRENT_DISTRO=$(CURRENT_DISTRO) \
+		      --build-arg DOCKER_REGISTRY_HOST=${DOCKER_REGISTRY_HOST} \
+		      --build-arg PEPENGINE_VERSION=$(PEPENGINE_VERSION) \
+		      --build-arg SEQUOIA_VERSION=$(SEQUOIA_VERSION) \
+		      --build-arg PEP_MACHINE_DIR=$(PEP_MACHINE_DIR) \
+		      --cache-from $(IMAGE_NAME):latest \
+		      --tag=$(IMAGE_NAME):$(PEPENGINE_VERSION) \
+		      --tag=$(IMAGE_NAME):latest \
+		      -f scripts/${CURRENT_DISTRO}/$(DOCKERFILE) .
+	docker push $(IMAGE_NAME):$(PEPENGINE_VERSION)
+	docker push $(IMAGE_NAME):latest
diff --git a/scripts/debian10/build_pEpEngine.sh b/scripts/debian10/build_pEpEngine.sh
new file mode 100755
index 00000000..0e18a7de
--- /dev/null
+++ b/scripts/debian10/build_pEpEngine.sh
@@ -0,0 +1,25 @@
+#!/usr/bin/env sh
+set -exo
+
+export LC_ALL=en_US.UTF-8
+
+cat >local.conf <<__LOCAL__
+PREFIX=${INSTPREFIX}
+SQLITE3_FROM_OS=""
+PER_MACHINE_DIRECTORY=${PEP_MACHINE_DIR}
+YML2_PATH=${BUILDROOT}/yml2
+YML2_PROC=${BUILDROOT}/yml2/yml2proc
+ETPAN_LIB=-L${INSTPREFIX}/libetpan/lib
+ETPAN_INC=-I${INSTPREFIX}/libetpan/include
+ASN1C=${INSTPREFIX}/asn1c/bin/asn1c
+ASN1C_INC=-I${INSTPREFIX}/asn1c/share/asn1c
+OPENPGP=SEQUOIA
+SEQUOIA_LIB=-L${INSTPREFIX}/lib
+SEQUOIA_INC=-I${INSTPREFIX}/include
+LDFLAGS  += -L${INSTPREFIX}/lib -L${INSTPREFIX}/libetpan/lib -L${INSTPREFIX}/pep/lib -nostartfiles
+__LOCAL__
+
+cat local.conf
+
+export PKG_CONFIG_PATH=$INSTPREFIX/share/pkgconfig/
+make all && make db && make install
diff --git a/scripts/debian10/build_pEpEngine_deps.sh b/scripts/debian10/build_pEpEngine_deps.sh
new file mode 100755
index 00000000..04a24dc9
--- /dev/null
+++ b/scripts/debian10/build_pEpEngine_deps.sh
@@ -0,0 +1,31 @@
+#!/usr/bin/env sh
+set -exo
+
+### YML2
+cd $BUILDROOT
+wget https://fdik.org/yml2.tar.bz2
+tar -xf yml2.tar.bz2
+rm yml2.tar.bz2
+
+
+### libetpan
+git clone https://github.com/fdik/libetpan $BUILDROOT/libetpan
+cd $BUILDROOT/libetpan
+test -f configure || NOCONFIGURE=absolutely ./autogen.sh
+./configure --prefix=${INSTPREFIX}/libetpan \
+    --without-openssl --without-gnutls --without-sasl \
+    --without-curl --without-expat --without-zlib \
+    --disable-dependency-tracking
+make -j$(nproc)
+make install
+echo "${libetpan_ver}">${INSTPREFIX}/libetpan.ver
+
+
+### ASN1c
+git clone https://github.com/vlm/asn1c.git $BUILDROOT/asn1c
+cd $BUILDROOT/asn1c
+git checkout tags/v0.9.28 -b pep-engine
+test -f configure || autoreconf -iv
+./configure --prefix=${INSTPREFIX}/asn1c
+make -j$(nproc) && make install
+echo "${asn1c_ver}">${INSTPREFIX}/asn1c.ver
diff --git a/scripts/debian10/install_pEpEngine_systemdb.sh b/scripts/debian10/install_pEpEngine_systemdb.sh
new file mode 100755
index 00000000..2585e974
--- /dev/null
+++ b/scripts/debian10/install_pEpEngine_systemdb.sh
@@ -0,0 +1,9 @@
+#!/usr/bin/env sh
+set -exo
+
+# Install systemdb (need to be root depending on the path)
+cd $BUILDROOT/pEpEngine
+export LC_ALL=en_US.UTF-8
+export PKG_CONFIG_PATH=$INSTPREFIX/share/pkgconfig/
+echo "Setup DB"
+make -C db install
diff --git a/scripts/debian10/pEpEngine.debian10.Dockerfile b/scripts/debian10/pEpEngine.debian10.Dockerfile
new file mode 100644
index 00000000..1941b465
--- /dev/null
+++ b/scripts/debian10/pEpEngine.debian10.Dockerfile
@@ -0,0 +1,38 @@
+ARG DOCKER_REGISTRY_HOST
+ARG CURRENT_DISTRO
+ARG PEPENGINE_VERSION
+FROM ${DOCKER_REGISTRY_HOST}/pep-${CURRENT_DISTRO}-sequoia:latest
+
+ENV BUILDROOT /build
+ENV INSTPREFIX /install
+ENV OUTDIR /out
+ARG PEP_MACHINE_DIR
+
+### Setup working directory
+RUN mkdir ${BUILDROOT}/pEpEngine
+COPY . ${BUILDROOT}/pEpEngine
+
+USER root
+
+RUN chown -R pep-builder:pep-builder ${BUILDROOT}/pEpEngine
+WORKDIR ${BUILDROOT}/pEpEngine
+
+ARG ENGINE_VERSION
+ARG CURRENT_DISTRO
+
+RUN  apt-get update && apt-get install -y wget bzip2 && \
+     rm -rf /var/lib/apt/lists/*
+
+### Build pEpEngine dependencies
+USER pep-builder
+
+RUN sh ./scripts/${CURRENT_DISTRO}/build_pEpEngine_deps.sh
+
+### Build pEpEngine
+RUN sh ./scripts/${CURRENT_DISTRO}/build_pEpEngine.sh
+
+### Install Systemdb
+USER root
+
+RUN sh ./scripts/${CURRENT_DISTRO}/install_pEpEngine_systemdb.sh && \
+    rm -rf ${BUILDROOT}/*