diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
new file mode 100644
index 0000000..7f6ae19
--- /dev/null
+++ b/.github/workflows/dependency-review.yml
@@ -0,0 +1,97 @@
+# Dependency Review Action
+#
+# This Action will scan dependency manifest files that change as part of a Pull Request,
+# surfacing known-vulnerable versions of the packages declared or updated in the PR.
+# Once installed, if the workflow run is marked as required, PRs introducing known-vulnerable
+# packages will be blocked from merging.
+#
+# Source repository: https://github.com/actions/dependency-review-action
+# Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
+name: 'Dependency review'
+on:
+ pull_request:
+ branches:
+ - 'main'
+ - 'develop'
+
+# If using a dependency submission action in this workflow this permission will need to be set to:
+#
+# permissions:
+# contents: write
+#
+# https://docs.github.com/en/enterprise-cloud@latest/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api
+permissions:
+ contents: read
+ # Write permissions for pull-requests are required for using the `comment-summary-in-pr` option, comment out if you aren't using this option
+ pull-requests: write
+
+jobs:
+ dependency-review:
+ runs-on: ubuntu-latest
+ steps:
+ - name: 'Checkout repository'
+ uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+ - name: 'Dependency Review'
+ uses: actions/dependency-review-action@3c4e3dcb1aa7874d2c16be7d79418e9b7efd6261 # v4.8.2
+ # Commonly enabled options, see https://github.com/actions/dependency-review-action#configuration-options for all available options.
+ with: + retry-on-snapshot-warnings: true + retry-on-snapshot-warnings-timeout: 60 + warn-on-openssf-scorecard-level: 5 + comment-summary-in-pr: always + allow-dependencies-licenses: | + pkg:nuget/AasCore.Aas3_0, + pkg:nuget/AasCore.Aas3.Package + allow-licenses: | + Apache-1.0, + Apache-1.1, + Apache-2.0, + BSL-1.0, + BSD-1-Clause, + BSD-2-Clause, + BSD-2-Clause-FreeBSD, + BSD-2-Clause-NetBSD, + BSD-3-Clause, + BSD-3-Clause-Clear, + BSD-3-Clause-No-Nuclear-License, + BSD-3-Clause-No-Nuclear-License-2014, + BSD-3-Clause-No-Nuclear-Warranty, + BSD-3-Clause-Open-MPI, + BSD-4-Clause, + BSD-Protection, + BSD-Source-Code, + BSD-3-Clause-Attribution, + 0BSD, + BSD-2-Clause-Patent, + BSD-4-Clause-UC, + MIT-CMU, + CC-BY-3.0, + CC-BY-SA-1.0, + CC-BY-SA-2.0, + CC-BY-SA-2.5, + CC-BY-SA-3.0, + CC-BY-SA-4.0, + CC0-1.0, + WTFPL, + MIT-enna, + MIT-feh, + ISC, + JSON, + BSD-3-Clause-LBNL, + MITNFA, + MIT, + MIT-0, + UPL-1.0, + NCSA, + X11, + Xerox, + BlueOak-1.0.0, + CC-BY-4.0, + MS-PL, + PostgreSQL, + Python-2.0, + SSPL-1.0, + OFL-1.1, + Unlicense, + Unicode-DFS-2016, + Unicode-3.0
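Review bot: The `allow-licenses` list in this hunk reads as a permissive-only policy (MIT, BSD, Apache, ISC families) but also admits `SSPL-1.0`, the `CC-BY-SA-*` share-alike licenses, `BSD-Protection` (a copyleft-style BSD variant) and `BSD-4-Clause` (advertising clause), which carry obligations the rest of the list does not; if permissive-only is the intent, those entries belong in `deny-licenses` rather than here, so please confirm the policy before this workflow is made a required check. Since no later step in the job uses the checked-out tree (as far as I can tell the review action works from the dependency-graph diff API), the checkout step should set `persist-credentials: false` so the token granted `pull-requests: write` is not left behind in `.git/config`. Note also that for pull requests from forks the `GITHUB_TOKEN` is read-only regardless of the `permissions:` block, so `comment-summary-in-pr: always` will presumably only post on same-repository PRs; a one-line comment above that option saying so would save the next maintainer a confused debugging session. `fail-on-severity` is left at its default, which I believe is `low`; writing `fail-on-severity: low` explicitly documents the intended merge gate alongside the license policy.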