diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index fa0fd89..afddb25 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -48,4 +48,9 @@ jobs:
 -Dsonar.issue.ignore.multicriteria=e1
 -Dsonar.issue.ignore.multicriteria.e1.ruleKey=shell:S5332
 -Dsonar.issue.ignore.multicriteria.e1.resourceKey=**/docker/scripts/update-localstack-url.sh
-
+ - name: Dependency Review
+ if: github.event_name == 'pull_request'
+ uses: actions/dependency-review-action@v4
+ with:
+ fail-on-severity: moderate
+ comment-summary-in-pr: always
diff --git a/.npmrc b/.npmrc
new file mode 100644
index 0000000..97de5ae
--- /dev/null
+++ b/.npmrc
@@ -0,0 +1,3 @@
+save-exact=true
+ignore-scripts=true
+min-release-age=7
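Review bot: `comment-summary-in-pr: always` needs `pull-requests: write` on the job token, and no `permissions:` block is visible in this hunk (the job starts above it), so the summary comment may fail to post. If the scope is granted on this job, every Sonar step sharing it would also get the write token. Running the step in its own job with `permissions: {contents: read, pull-requests: write}` keeps the write scope away from the build and scan steps. Separately, `uses: actions/dependency-review-action@v4` follows a mutable tag; pinning it as `uses: actions/dependency-review-action@<full-commit-sha>  # v4` would be consistent with the supply-chain intent of the rest of this change.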
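Review bot: `min-release-age=7` is only enforced by npm clients that implement the option. An older npm on a developer machine or CI image will likely ignore the key, so the cooldown silently does not apply there. It would help to constrain the npm version used to install the project and to note the requirement in a comment in this file. `ignore-scripts=true` also disables the project's own `prepare` and `pre`/`post` hooks, so a comment such as `; lifecycle scripts are disabled: run "npm rebuild <pkg>" for dependencies that need a build step` would save the next maintainer a debugging session. `save-exact=true` affects only newly saved dependencies, so existing ranges in package.json keep floating unless they are rewritten.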