diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 9ef851009f6ae9fb96f6d68c251b2458a8903cbb..3f970ce5874a383bed2818dbd5fae85aa83fb2ae 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -638,6 +638,25 @@ jobs:
           . venv/bin/activate
           python -m script.gen_requirements_all validate
 
+  dependency-review:
+    name: Dependency review
+    runs-on: ubuntu-24.04
+    needs:
+      - info
+      - base
+    if: |
+      github.event.inputs.pylint-only != 'true'
+      && github.event.inputs.mypy-only != 'true'
+      && needs.info.outputs.requirements == 'true'
+      && github.event_name == 'pull_request'
+    steps:
+      - name: Check out code from GitHub
+        uses: actions/checkout@v4.2.2
+      - name: Dependency review
+        uses: actions/dependency-review-action@v4.5.0
+        with:
+          license-check: false # We use our own license audit checks
+
   audit-licenses:
     name: Audit licenses
     runs-on: ubuntu-24.04