diff --git a/.github/workflows/osv-scan.yml b/.github/workflows/osv-scan.yml
new file mode 100644
index 0000000000..24882a35d6
--- /dev/null
+++ b/.github/workflows/osv-scan.yml
@@ -0,0 +1,27 @@
+name: Vulnerability Scan
+run-name: ${{ github.actor }} is scanning dependencies for vulnerabilities \U0001F512
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+  workflow_dispatch:
+
+jobs:
+  osv_scan:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '1.22'
+
+      - name: Install osv-scanner
+        run: |
+          go install github.com/google/osv-scanner/v2/cmd/osv-scanner@latest
+          echo "${HOME}/go/bin" >> $GITHUB_PATH
+
+      - name: Scan for vulnerabilities
+        run: osv-scanner -r .