diff --git a/.github/workflows/vulnerability-scanning.yml b/.github/workflows/vulnerability-scanning.yml
new file mode 100644
index 0000000000..2afcc7b7c6
--- /dev/null
+++ b/.github/workflows/vulnerability-scanning.yml
@@ -0,0 +1,35 @@
+on: [pull_request]
+
+jobs:
+ depchecktest:
+ runs-on: ubuntu-latest
+ name: depecheck_test
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ - name: Setup Java
+ uses: actions/setup-java@v4
+ with:
+ distribution: temurin
+ java-version: 17
+ - name: Setup Gradle
+ uses: gradle/actions/setup-gradle@v4
+ - name: Call setup
+ run: ./gradlew dependencies
+ - name: Depcheck
+ uses: dependency-check/Dependency-Check_Action@3102a65fd5f36d0000297576acc56a475b0de98d
+ env:
+ # actions/setup-java changes JAVA_HOME, so it needs to be reset to match the depcheck image
+ JAVA_HOME: /opt/jdk
+ id: Depcheck
+ with:
+ project: 'MPS-extensions'
+ format: 'HTML'
+ out: 'reports'
+ args: >
+ --exclude ${{github.workspace}}/build/mps/**
+ - name: Upload Test results
+ uses: actions/upload-artifact@v4
+ with:
+ name: Depcheck report
+ path: ${{github.workspace}}/reports
\ No newline at end of file
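Review bot: The Depcheck step cannot fail the job on findings, because `args` carries only `--exclude`; a pull request that adds a dependency with a known CVE still passes, and the result sits in an HTML artifact that nobody is forced to open. Consider adding a threshold such as `--failOnCVSS 7` to `args` (the score is a team decision) and `if: always()` on the "Upload Test results" step so the report is still uploaded when the gate trips. The workflow also declares no `permissions:`, so the job runs with the repository's default token scope; a top-level `permissions:` block with `contents: read` should be enough for a checkout plus a scan. Separately, `${{github.workspace}}` in the `--exclude` pattern expands to the runner's host path, which probably differs from the path the Docker-based action sees inside its container, so it is worth confirming that `build/mps/**` is really excluded. The step also sets no `path` input, whereas the action's documented usage passes one (`path: '.'`), so check which directory the scan actually covers.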