diff --git a/.github/workflows/cargo-audit.yml b/.github/workflows/cargo-audit.yml
new file mode 100644
index 000000000000..55b50fb71a40
--- /dev/null
+++ b/.github/workflows/cargo-audit.yml
@@ -0,0 +1,31 @@
+name: "Cargo Audit"
+on:
+  push:
+    paths:
+      # Run if workflow changes
+      - '.github/workflows/cargo-audit.yml'
+      # Run on changed dependencies
+      - '**/Cargo.toml'
+      - '**/Cargo.lock'
+      # Run if the configuration file changes
+      - '**/audit.toml'
+  # Rerun periodically to pick up new advisories
+  schedule:
+    - cron: '0 0 * * *'
+  # Run manually
+  workflow_dispatch:
+
+jobs:
+  audit:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      issues: write
+    steps:
+      - uses: actions/checkout@v4
+      # https://github.com/marketplace/actions/cargo-audit-your-rust-dependencies
+      - uses: actions-rust-lang/audit@72c09e02f132669d52284a3323acdb503cfc1a24
+        name: Audit Rust Dependencies
+        # with:
+        # Comma separated list of issues to ignore
+        # ignore: RUSTSEC-2020-0036
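Review bot: The checkout step pins `actions/checkout@v4` to a mutable tag while the audit step right below it is pinned to a full commit SHA; for a workflow whose whole purpose is dependency-supply-chain hygiene, pin both the same way, e.g. `- uses: actions/checkout@<full-commit-sha>  # v4`, so a moved tag cannot swap the code that runs with `issues: write`. The `push` trigger has no `branches` filter, so a push to any branch that touches a Cargo manifest runs the job with issue-write permission; if issues should only be opened for the default branch, add `branches: [<default-branch>]` under `push`. Nothing here runs on `pull_request`, so a PR that introduces an advisory-bearing crate is only audited after it lands (or at the next daily run) — presumably an accepted trade-off, but worth recording in the header comment so the gap is not mistaken for an oversight.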