diff --git a/.github/dependency-review-config.yml b/.github/dependency-review-config.yml
new file mode 100644
index 0000000..3705f78
--- /dev/null
+++ b/.github/dependency-review-config.yml
@@ -0,0 +1,12 @@
+# https://github.com/cncf/foundation/blob/main/allowed-third-party-license-policy.md
+allow_licenses:
+- 'Apache-2.0'
+- 'BSD-2-Clause'
+- 'BSD-2-Clause-FreeBSD'
+- 'BSD-3-Clause'
+- 'ISC'
+- 'MIT'
+- 'PostgreSQL'
+- 'Python-2.0'
+- 'X11'
+- 'Zlib'
diff --git a/.github/workflows/dependency-review.yaml b/.github/workflows/dependency-review.yaml
new file mode 100644
index 0000000..15f0a9d
--- /dev/null
+++ b/.github/workflows/dependency-review.yaml
@@ -0,0 +1,15 @@
+name: 'Dependency Review'
+on:
+- pull_request
+permissions:
+  contents: read
+jobs:
+  dependency-review:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Checkout Repository'
+        uses: actions/checkout@v4
+      - name: Dependency Review
+        uses: actions/dependency-review-action@v3
+        with:
+          config-file: '.github/dependency-review-config.yml'
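Review bot: The `allow_licenses` key spelling should be checked against the dependency-review-action README for the version the workflow pins (`@v3`); the action's documented config-file examples use kebab-case keys, and if a snake_case key is not recognised the allow-list would be silently ignored and the job would only enforce the default vulnerability threshold, which is the opposite of what this file intends. Independently of the key name, an allow-list is strict: any new dependency whose license the Dependency Graph cannot detect, or whose SPDX expression is not exactly one of these ten identifiers, fails the check, so reviewers of a red PR should expect that and not assume a genuine policy violation. I would say so in the file, e.g. `# Allow-list: a dependency whose license is undetected or not listed here fails the review (see the action README for the exceptions option)` under the existing policy link. Note also that no `fail-on-severity` is set, so the action's default threshold for vulnerability findings applies; stating the intended threshold explicitly would make the policy self-describing.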
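Review bot: Both `uses:` lines reference mutable major-version tags (`actions/checkout@v4`, `actions/dependency-review-action@v3`), so the supply-chain gate itself runs whatever code those tags point to on the day of the run; for a workflow whose whole purpose is dependency hygiene it is worth pinning to full-length commit SHAs with the tag kept as a trailing comment, e.g. `uses: actions/dependency-review-action@<full-commit-sha>  # v3`, and letting Dependabot or Renovate bump the pins. The trigger and permissions are appropriately conservative (`pull_request` rather than `pull_request_target`, `contents: read` only), which is the right shape for a check that inspects untrusted PR content. Minor style point: `name: 'Dependency Review'` and the checkout step are single-quoted while `name: Dependency Review` on the second step is plain; pick one form for the file.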