diff --git a/.github/workflows/pipeline.yml b/.github/workflows/pipeline.yml
index c3163671e..f35df86cc 100644
--- a/.github/workflows/pipeline.yml
+++ b/.github/workflows/pipeline.yml
@@ -91,6 +91,23 @@ jobs:
 run: |
 bundle exec rubocop
+ audit:
+ name: Audit dependencies
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+
+ - name: Set up Ruby
+ uses: ruby/setup-ruby@v1
+ with:
+ # runs 'bundle install' and caches installed gems automatically
+ bundler-cache: true
+
+ - name: Audit
+ run: |
+ bundle exec bundler-audit
+
 deploy:
 name: Deploy
diff --git a/Gemfile b/Gemfile
index 3c69843fe..2c45b2e0b 100644
--- a/Gemfile
+++ b/Gemfile
@@ -58,6 +58,7 @@ group :development, :test do
 gem "byebug", platforms: %i[mri mingw x64_mingw]
 gem "dotenv-rails"
 gem "pry-byebug"
+ gem "bundler-audit"
 end
 group :development do
diff --git a/Gemfile.lock b/Gemfile.lock
index dff4f2e30..95bf549a1 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -131,6 +131,9 @@ GEM
 bootsnap (1.10.3)
 msgpack (~> 1.2)
 builder (3.2.4)
+ bundler-audit (0.9.0.1)
+ bundler (>= 1.2.0, < 3)
+ thor (~> 1.0)
 byebug (11.1.3)
 capybara (3.36.0)
 addressable
@@ -466,6 +469,7 @@ DEPENDENCIES
 activeadmin!
 aws-sdk-s3
 bootsnap (>= 1.4.4)
+ bundler-audit
 byebug
 capybara
 capybara-lockstep
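Review bot: The `Audit` step at the end of the new job runs `bundle exec bundler-audit` with no subcommand or flags, so whether the advisory database is current is left to the tool's defaults; writing it as `bundle exec bundler-audit check --update` makes the job refresh the advisory database before scanning and states the intent. The new `audit` job also only protects releases if `deploy` lists it under `needs:`, and that part of the `deploy` job lies outside this hunk, so it is worth confirming. Since the job only reads the repository, a job-level `permissions:` block with `contents: read` would keep its token to the minimum, unless the workflow already sets that at the top level (not visible here).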
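Review bot: `gem "bundler-audit"` is added without `require: false`, so in a typical Rails setup Bundler will load it into every development and test process even though the workflow only uses it as a command-line tool; `gem "bundler-audit", require: false` avoids that. It also breaks the alphabetical order of the group, where it would sit before `byebug`. The `group :development, :test do` block opens above the hunk.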