diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 93b03b7d..d04d55df 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -38,6 +38,13 @@ jobs:
       - name: Build default features
         run: cargo build
 
+  deny:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: EmbarkStudios/cargo-deny-action@v1
+
   unit-tests:
     needs: lint
     runs-on: ubuntu-latest
diff --git a/deny.toml b/deny.toml
new file mode 100644
index 00000000..5dde7f67
--- /dev/null
+++ b/deny.toml
@@ -0,0 +1,38 @@
+[graph]
+all-features = true
+
+# This section is considered when running `cargo deny check advisories`
+[advisories]
+unmaintained = "warn"
+ignore = [
+    { id = "RUSTSEC-2024-0336", reason = "No upgrade available. Tracking the vulnerability: https://github.com/r0gue-io/pop-cli/issues/173" },
+    { id = "RUSTSEC-2023-0071", reason = "No upgrade available. Tracking the vulnerability: https://github.com/r0gue-io/pop-cli/issues/173" },
+]
+
+[licenses]
+allow = [
+    "Apache-2.0",
+    "Apache-2.0 WITH LLVM-exception",
+    "BSL-1.0",
+    "BSD-2-Clause",
+    "BSD-3-Clause",
+    "CC0-1.0",
+    "ISC",
+    "GPL-3.0",
+    "MIT",
+    "MPL-2.0",
+    "Unicode-DFS-2016",
+    "Unlicense"
+]
+confidence-threshold = 0.93
+
+[[licenses.exceptions]]
+allow = ["OpenSSL"]
+name = "ring"
+
+[[licenses.clarify]]
+name = "ring"
+expression = "ISC AND MIT AND OpenSSL"
+license-files = [
+    { path = "LICENSE", hash = 0xbd0eed23 },
+]
\ No newline at end of file