diff --git a/.github/workflows/pr-deps.yml b/.github/workflows/pr-deps.yml
new file mode 100644
index 00000000..e200d34c
--- /dev/null
+++ b/.github/workflows/pr-deps.yml
@@ -0,0 +1,75 @@
+name: PR Deps Baseline
+
+# Add required changes to dependency update PRs.
+
+on:
+  pull_request_target:
+    types: [ opened, reopened, synchronize ]
+
+permissions:
+  contents: write
+  # We appear to need write permission for both pull-requests and
+  # issues to post a comment to a pull request.
+  pull-requests: write
+  issues: write
+
+jobs:
+  pr-deps:
+    runs-on: ubuntu-latest
+    if: github.actor == 'dependabot[bot]'
+    concurrency:
+      group: ${{ github.workflow }}-${{ github.ref }}
+      cancel-in-progress: true
+
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
+        with:
+          disable-sudo: true
+          egress-policy: audit
+
+      # Verify that the PR is from Dependabot
+      - uses: dependabot/fetch-metadata@v2
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+
+      - uses: actions/checkout@v4
+        with:
+          # Needed for correct git commit --amend.
+          fetch-depth: 2
+
+      - uses: actions/setup-java@v4
+        with:
+          distribution: temurin
+          java-version: 21
+
+      - uses: gradle/actions/setup-gradle@v3
+
+      - name: Baseline
+        run: |
+          ./gradlew dependencyGuardBaseline --stacktrace
+          ./checks/gradle-plugin/gradlew dependencyGuardBaseline --stacktrace
+          ./checks/kmp/gradlew dependencyGuardBaseline --stacktrace
+
+      - name: Commit amend and push
+        run: |
+          # Set git user email and name to match author of the last commit.
+          git config --local user.email "$(git log --pretty='%ae' -1)"
+          git config --local user.name "$(git log --pretty=format:'%an' -1)"
+          git add .
+          git commit --amend --no-edit
+
+      - name: Push changes
+        run: git push --force-with-lease
+
+      - name: Track result in the comment
+        uses: actions/github-script@v7
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: ${{ success() && '✅ Baseline updated.' || '❌ Baseline update failed.' }},
+            })
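Review bot: The `actions/checkout@v4` step gives no `ref`, and on a `pull_request_target` run the checkout default is the base branch rather than the PR branch, so `git commit --amend` followed by `git push --force-with-lease` would rewrite the last commit of the base branch (or be rejected by protection) instead of updating the Dependabot commit; it needs `ref: ${{ github.event.pull_request.head.ref }}` (a branch name, not `head.sha`, so that the later push has a tracking branch). Note that once the PR head is checked out, the three `./gradlew` wrapper invocations in the Baseline step run code controlled by the PR branch under a token with `contents: write`, so the `github.actor == 'dependabot[bot]'` job condition and the `dependabot/fetch-metadata` step are the only gate and must stay ahead of the checkout; tightening `egress-policy: audit` to `block` with an allow-list would limit what a compromised build could do with that token. The "Track result in the comment" step has no `if`, so it is skipped whenever an earlier step fails and the `❌ Baseline update failed.` branch of the `success()` expression can never be posted; add `if: always()` to that step. Only harden-runner is pinned to a commit SHA while the other actions use mutable `v2`/`v3`/`v4`/`v7` tags, which is inconsistent for a workflow holding write permissions; pinning all of them to full SHAs with a version comment would match the existing style.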