diff --git a/.github/dependency-review-config.yml b/.github/dependency-review-config.yml
new file mode 100644
index 00000000..58ee6377
--- /dev/null
+++ b/.github/dependency-review-config.yml
@@ -0,0 +1,12 @@
+---
+fail-on-severity: low
+license-check: true
+vulnerability-check: yes
+comment-summary-in-pr: on-failure
+allow-licenses:
+  - Apache-2.0
+  - BSD-2-Clause
+  - BSD-3-Clause
+  - ISC
+  - MPL-2.0
+  - MIT
diff --git a/.github/workflows/osv-scanner.yml b/.github/workflows/osv-scanner.yml
index 96004656..0a395848 100644
--- a/.github/workflows/osv-scanner.yml
+++ b/.github/workflows/osv-scanner.yml
@@ -3,7 +3,7 @@
 # by a third-party and are governed by separate terms of service, privacy
 # policy, and support documentation.
-name: osv-scanner
+name: OSV Scanner
 on:
   push:
     branches:
diff --git a/.github/workflows/pr-dep-review.yml b/.github/workflows/pr-dep-review.yml
new file mode 100644
index 00000000..c037bfd6
--- /dev/null
+++ b/.github/workflows/pr-dep-review.yml
@@ -0,0 +1,25 @@
+---
+# This workflow uses actions that are not certified by GitHub. They are provided
+# by a third-party and are governed by separate terms of service, privacy
+# policy, and support documentation.
+name: PR Dependency Review
+on: [pull_request]
+permissions:
+  contents: read
+jobs:
+  dependency-review:
+    runs-on: ubuntu-latest
+    name: Scan PR for dependency issues
+    permissions:
+      pull-requests: write
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+      - name: Dependency Review
+        uses: actions/dependency-review-action@v3
+        with:
+          config-file: ./.github/dependency-review-config.yml
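Review bot: `vulnerability-check: yes` in the new config file is a YAML 1.1 truthy word, while `license-check: true` on the line above uses the canonical boolean; a YAML 1.2 loader (which the action's JavaScript parser presumably is) reads `yes` as the string "yes", not as a boolean, so the vulnerability check may not be enabled the way the author intends. Since this is the setting that makes the job fail on known-vulnerable dependencies, it should be spelled the same way as the neighbouring key: `vulnerability-check: true`. It is also worth confirming against the action's documentation whether `vulnerability-check` and `license-check` are the supported key names for the pinned v3 release, since a misspelled key is silently ignored rather than rejected.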
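Review bot: Both `uses:` lines in the new pr-dep-review.yml workflow reference mutable major-version tags (`actions/checkout@v4`, `actions/dependency-review-action@v3`), so the code that runs with `pull-requests: write` on every pull request can change whenever those tags move. For a workflow whose purpose is supply-chain review, pin each action to a full-length commit SHA and keep the version as a trailing comment so Dependabot can still track it, e.g. `uses: actions/checkout@<full-commit-sha> # v4` and `uses: actions/dependency-review-action@<full-commit-sha> # v3` (the SHAs are placeholders to be filled in from the upstream release). The top-level `permissions: contents: read` together with the job-scoped `pull-requests: write` is the right least-privilege split and should be kept as is.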