diff --git a/.github/workflows/audits.yml b/.github/workflows/audits.yml
new file mode 100644
index 000000000..6c57fa757
--- /dev/null
+++ b/.github/workflows/audits.yml
@@ -0,0 +1,35 @@
+name: Audits
+
+on: [push, pull_request]
+
+jobs:
+  cargo-vet:
+    name: Vet Rust dependencies
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - uses: actions-rs/toolchain@v1
+        with:
+          toolchain: stable
+          override: true
+
+      - name: Install cargo-vet
+        uses: actions-rs/cargo@v1
+        with:
+          command: install
+          args: --git https://github.com/mozilla/cargo-vet.git cargo-vet
+
+      # This is necessary because `cargo vet --locked` implies `cargo metadata --frozen`,
+      # preventing all network access.
+      - name: Ensure dependency sources are present
+        uses: actions-rs/cargo@v1
+        with:
+          command: fetch
+          args: --locked
+
+      - name: Run cargo vet --locked
+        uses: actions-rs/cargo@v1
+        with:
+          command: vet
+          args: --locked