diff --git a/.github/vet/policy.yml b/.github/vet/policy.yml
new file mode 100644
index 0000000..8688ec5
--- /dev/null
+++ b/.github/vet/policy.yml
@@ -0,0 +1,29 @@
+
+# https://github.com/safedep/vet-action
+# https://github.com/safedep/vet
+# Learn more about policies: https://docs.safedep.io/advanced/filtering
+name: vet Open Source Components
+description: General purpose OSS best practices policy for vet
+tags:
+ - general
+ - community
+filters:
+ - name: critical-or-high-vulns
+ check_type: CheckTypeVulnerability
+ summary: Critical or high risk vulnerabilities were found
+ value: |
+ vulns.critical.exists(p, true) || vulns.high.exists(p, true)
+ - name: risky-oss-licenses
+ check_type: CheckTypeLicense
+ summary: Risky OSS license was detected
+ value: |
+ licenses.exists(p, p == "GPL-2.0") ||
+ licenses.exists(p, p == "GPL-2.0-only") ||
+ licenses.exists(p, p == "GPL-3.0") ||
+ licenses.exists(p, p == "GPL-3.0-only") ||
+ licenses.exists(p, p == "BSD-3-Clause OR GPL-2.0")
+ - name: ossf-unmaintained
+ check_type: CheckTypeMaintenance
+ summary: Component appears to be unmaintained
+ value: |
+ scorecard.scores["Maintained"] == 0
diff --git a/.github/workflows/vet-ci.yml b/.github/workflows/vet-ci.yml
new file mode 100644
index 0000000..5bd2a3d
--- /dev/null
+++ b/.github/workflows/vet-ci.yml
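Review bot: The `risky-oss-licenses` filter matches license strings by exact equality, so `GPL-2.0-or-later`, `GPL-3.0-or-later`, the AGPL and LGPL families, and any other SPDX expression containing a GPL term pass silently, while `BSD-3-Clause OR GPL-2.0` — a dual license under which the consumer may choose the BSD terms — is flagged. If vet's filter environment exposes the usual CEL string functions, a prefix test such as `licenses.exists(p, p.startsWith("GPL-") || p.startsWith("AGPL-"))` would cover the family consistently; confirm against the filtering docs linked in the file header before relying on it. The `ossf-unmaintained` filter indexes `scorecard.scores["Maintained"]` directly, and how that expression evaluates for a component with no scorecard data (missing key versus a failed lookup) is not visible here; it is worth confirming, because a false negative there is silent.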
@@ -0,0 +1,40 @@
+
+# https://github.com/safedep/vet-action
+name: vet OSS Components
+
+on:
+ pull_request:
+ push:
+ branches:
+ - main
+
+permissions:
+ # Required for actions/checkout@v4
+ contents: read
+
+ # Required for writing pull request comment
+ issues: write
+ pull-requests: write
+
+jobs:
+ vet:
+ name: vet
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout
+ id: checkout
+ uses: actions/checkout@v4
+
+ - name: Run vet
+ id: vet
+ uses: safedep/vet-action@v1
+ with:
+ # Path to the policy file.
+ # Remove following line to use the default policy
+ policy: .github/vet/policy.yml
+ # Enable comments proxy to allow comments on the PR from forked repo
+ enable-comments-proxy: true
+ env:
+ # Required for writing pull request comment
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
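Review bot: Both third-party actions are referenced by mutable tags (`uses: actions/checkout@v4`, `uses: safedep/vet-action@v1`), so a moved or compromised tag changes what runs with the repository's `GITHUB_TOKEN`; for a workflow whose purpose is supply-chain vetting, pin each to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: safedep/vet-action@<full-commit-sha> # v1`, and let Dependabot or Renovate bump the pins. The workflow-level `permissions` block grants `issues: write` and `pull-requests: write` to every job on every trigger, including `push` to `main` where no comment is posted; moving the two write scopes under `jobs.vet.permissions` (and dropping `issues: write` if the action only needs `pull-requests: write`) keeps the token at `contents: read` everywhere else. `enable-comments-proxy: true` appears, from its own comment, to route PR comments through an external service for fork-originated runs; what data leaves the runner and who operates that proxy is not stated here and should be confirmed before enabling it on a repository that handles anything sensitive.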