diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index a48ab0b..5952b59 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,4 +1,18 @@
 version: 2
+updates:
+  - package-ecosystem: "cargo"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+  - package-ecosystem: "npm"
+    directory: "/frontend"
+    schedule:
+      interval: "weekly"
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+version: 2
 updates:
   - package-ecosystem: cargo
     directory: /
diff --git a/.github/workflows/dependency-scan.yml b/.github/workflows/dependency-scan.yml
new file mode 100644
index 0000000..4adf2c9
--- /dev/null
+++ b/.github/workflows/dependency-scan.yml
@@ -0,0 +1,20 @@
+name: Dependency Scan
+
+on:
+  push:
+    branches: ["main"]
+  pull_request:
+    branches: ["main"]
+
+jobs:
+  dependency-review:
+    name: Dependency review
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Dependency Review Action
+        uses: github/dependency-review-action@v1
+      - name: Run cargo-audit
+        uses: actions-rs/audit-check@v1
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
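Review bot: The new side of this hunk leaves dependabot.yml with two top-level `version:` keys and two top-level `updates:` keys, because the added block is inserted above the existing `updates:` entry (which continues past the end of the hunk) rather than replacing it. Duplicate mapping keys are invalid in YAML 1.2 and most parsers silently keep the last one, so the quoted cargo/npm/github-actions block added here would most likely be discarded and only the pre-existing unquoted `updates:` list would take effect — the intended `npm` and `github-actions` coverage would never be configured. Drop the added `+version: 2` line and fold the three entries into the single existing `updates:` list, or delete the old list entirely so the file has exactly one `version` and one `updates` key. Dependabot's own validation may reject the duplicate outright; either way the file as patched should be checked by rendering it through a YAML parser before merge.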
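Review bot: The new workflow declares no `permissions:` block, so the `GITHUB_TOKEN` handed to `actions-rs/audit-check@v1` via `token: ${{ secrets.GITHUB_TOKEN }}` inherits the repository's default token scope, which can be write-all; a scanning job should run with the least privilege it needs, e.g. a top-level `permissions:` with `contents: read` plus whatever write scope the audit action requires to publish its check (presumably `checks: write` — confirm against the action's documentation). Both actions are referenced by mutable tags (`@v1`, `@v4`); pinning to a full commit SHA with a version comment (`uses: github/dependency-review-action@<commit-sha>  # vX.Y.Z`) is the usual supply-chain hardening for third-party actions, and the `github-actions` Dependabot ecosystem added in the sibling hunk will keep such pins current. The `on: push` trigger also looks questionable for `github/dependency-review-action`, which to my knowledge compares a base and head ref and only works on pull-request events unless refs are passed explicitly — expect the push runs on `main` to fail; restricting that step to `pull_request` or adding explicit ref inputs should be verified. Note as well that `actions-rs/audit-check` appears to be unmaintained; the `rustsec/audit-check` successor or a plain `cargo audit` step may be a safer choice, but confirm before switching.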