diff --git a/.github/workflows/deny.yml b/.github/workflows/deny.yml
deleted file mode 100644
index e8e4d5b84b1e..000000000000
--- a/.github/workflows/deny.yml
+++ /dev/null
@@ -1,26 +0,0 @@
-name: deny
-
-on:
-  push:
-    branches: [master]
-    paths: [Cargo.lock, deny.toml]
-  pull_request:
-    branches: [master]
-    paths: [Cargo.lock, deny.toml]
-
-env:
-  CARGO_TERM_COLOR: always
-
-jobs:
-  cargo-deny:
-    name: cargo deny check
-    runs-on: ubuntu-latest
-    timeout-minutes: 30
-    steps:
-      - uses: actions/checkout@v4
-      - uses: EmbarkStudios/cargo-deny-action@v1
-        with:
-          command: check all
-          # Clear out arguments to not pass `--all-features` to `cargo deny`.
-          # many crates have an `openssl` feature which enables banned dependencies
-          arguments: ""
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index d5a2eabb07c0..3ca0daa177ab 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -110,6 +110,13 @@ jobs:
           cache-on-failure: true
       - run: cargo hack check
 
+  deny:
+    uses: ithacaxyz/ci/.github/workflows/deny.yml@main
+    with:
+      # Clear out arguments to not pass `--all-features` to `cargo deny`.
+      # Many crates have an `openssl` feature which enables banned dependencies.
+      deny-flags: ""
+
   ci-success:
     runs-on: ubuntu-latest
     if: always()
@@ -122,6 +129,7 @@ jobs:
       - rustfmt
       - forge-fmt
       - crate-checks
+      - deny
     timeout-minutes: 30
     steps:
       - name: Decide whether the needed jobs succeeded or failed