diff --git a/.cirrus.yml b/.cirrus.yml
index 5419d0afbf..219705ffb2 100644
--- a/.cirrus.yml
+++ b/.cirrus.yml
@@ -74,6 +74,17 @@ skip_task_on_pr: &SKIP_TASK_ON_PR
   skip: >
     ($CIRRUS_PR != '' && $CIRRUS_PR_LABELS !=~ '.*fullci.*')
 
+
+benchmark_only_if_template: &BENCHMARK_ONLY_IF_TEMPLATE
+  # only_if condition for cron-triggered benchmarking tests.
+  # These currently do not run for release/.*
+  only_if: >
+    ( $CIRRUS_REPO_NAME == 'zeek' || $CIRRUS_REPO_NAME == 'zeek-security' ) &&
+    ( $CIRRUS_CRON == 'benchmark-nightly' ||
+      $CIRRUS_PR_LABELS =~ '.*fullci.*' ||
+      $CIRRUS_PR_LABELS =~ '.*benchmark.*' ||
+      $CIRRUS_BRANCH =~ 'topic/awelzel/ubuntu22-spicy-task' )
+
 ci_template: &CI_TEMPLATE
   << : *BUILDS_ONLY_IF_TEMPLATE
 
@@ -288,6 +299,37 @@ ubuntu22_task:
     path: build.tgz
   benchmark_script: ./ci/benchmark.sh
 
+ubuntu22_spicy_task:
+  container:
+    # Ubuntu 22.04 EOL: April 2027
+    dockerfile: ci/ubuntu-22.04/Dockerfile
+    << : *RESOURCES_TEMPLATE
+  << : *CI_TEMPLATE
+  env:
+    ZEEK_CI_CREATE_ARTIFACT: 1
+  test_script: true  # Don't run tests, these are redundant.
+  spicy_install_analyzers_script: ./ci/spicy-install-analyzers.sh
+  upload_binary_artifacts:
+    path: build.tgz
+  benchmark_script: ./ci/benchmark.sh
+  << : *BENCHMARK_ONLY_IF_TEMPLATE
+
+ubuntu22_spicy_head_task:
+  container:
+    # Ubuntu 22.04 EOL: April 2027
+    dockerfile: ci/ubuntu-22.04/Dockerfile
+    << : *RESOURCES_TEMPLATE
+  << : *CI_TEMPLATE
+  env:
+    ZEEK_CI_CREATE_ARTIFACT: 1
+    # Pull auxil/spicy to the latest head version. May or may not build.
+    ZEEK_CI_PREBUILD_COMMAND: 'cd auxil/spicy && git fetch && git reset --hard origin/main && git submodule update --init --recursive'
+  spicy_install_analyzers_script: ./ci/spicy-install-analyzers.sh
+  upload_binary_artifacts:
+    path: build.tgz
+  benchmark_script: ./ci/benchmark.sh
+  << : *BENCHMARK_ONLY_IF_TEMPLATE
+
 ubuntu20_task:
   container:
     # Ubuntu 20.04 EOL: April 2025
diff --git a/ci/spicy-install-analyzers.sh b/ci/spicy-install-analyzers.sh
new file mode 100755
index 0000000000..647063fac5
--- /dev/null
+++ b/ci/spicy-install-analyzers.sh
@@ -0,0 +1,31 @@
+#! /usr/bin/env bash
+#
+# Shell script to install the latest version of certain
+# Spicy analyzers using zkg *and* repackages build.tgz.
+# This script should run after build.sh, but before the
+# artifact upload happens.
+set -eux
+
+test -d ${CIRRUS_WORKING_DIR}/install
+
+# Install prefix
+PREFIX=${CIRRUS_WORKING_DIR}/install
+
+export PATH=$PREFIX/bin:$PATH
+
+zkg --version
+
+ANALYZERS="
+https://github.com/zeek/spicy-dhcp
+https://github.com/zeek/spicy-dns
+https://github.com/zeek/spicy-http
+"
+
+for analyzer in $ANALYZERS; do
+    echo Y | zkg -vvvvv install "${analyzer}"
+done
+
+# After installing analyzers, package up build.tgz (representing
+# the contents of the installation directory). This overwrites any
+# existing artifact created by build.sh
+tar -czf ${CIRRUS_WORKING_DIR}/build.tgz ${CIRRUS_WORKING_DIR}/install
diff --git a/ci/ubuntu-22.04/Dockerfile b/ci/ubuntu-22.04/Dockerfile
index 10a8b88502..fd3659c00b 100644
--- a/ci/ubuntu-22.04/Dockerfile
+++ b/ci/ubuntu-22.04/Dockerfile
@@ -25,7 +25,9 @@ RUN apt-get update && apt-get -y install \
     make \
     python3 \
     python3-dev \
+    python3-git \
     python3-pip\
+    python3-semantic-version \
     ruby \
     sqlite3 \
     swig \