diff --git a/.bazelrc b/.bazelrc
index 2fd5ced..fcadc62 100644
--- a/.bazelrc
+++ b/.bazelrc
@@ -86,3 +86,6 @@ coverage --test_env=COVERAGE_GCOV_OPTIONS=-bcu
 coverage --test_env=LLVM_PROFILE_CONTINUOUS_MODE=1
 coverage --cxxopt -mllvm
 coverage --cxxopt -runtime-counter-relocation
+
+# Dynamic analysis (sanitizers) for Linux host builds/tests.
+try-import %workspace%/quality/sanitizer/sanitizer.bazelrc
diff --git a/.github/workflows/sanitizers.yml b/.github/workflows/sanitizers.yml
new file mode 100644
index 0000000..47f17e5
--- /dev/null
+++ b/.github/workflows/sanitizers.yml
@@ -0,0 +1,63 @@
+# *******************************************************************************
+# Copyright (c) 2026 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# SPDX-License-Identifier: Apache-2.0
+# *******************************************************************************
+
+name: Sanitizers
+
+on:
+  pull_request:
+    types: [opened, reopened, synchronize]
+  merge_group:
+    types: [checks_requested]
+
+permissions:
+  contents: read
+
+jobs:
+  sanitizer-tests:
+    name: Bazel Tests (${{ matrix.sanitizer_config }})
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        sanitizer_config: [asan_ubsan_lsan]
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4.2.2
+        with:
+          ref: ${{ github.head_ref || github.event.pull_request.head.ref || github.ref }}
+          repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }}
+
+      - name: Setup Bazel with shared caching
+        uses: bazel-contrib/setup-bazel@0.18.0
+        with:
+          bazelisk-version: 1.26.0
+          disk-cache: true
+          repository-cache: true
+          bazelisk-cache: true
+          cache-save: ${{ github.event_name == 'push' }}
+
+      - name: Run sanitizer tests via Bazel
+        run: |
+          set -euo pipefail
+          echo "Running: bazel test --config=${{ matrix.sanitizer_config }} //tests/cpp/..."
+          # Note: Only testing C++ targets as Rust sanitizers require different configuration
+          bazel test --config=${{ matrix.sanitizer_config }} //tests/cpp/...
+
+      - name: Upload Bazel test logs (always)
+        if: always()
+        uses: actions/upload-artifact@v6
+        with:
+          name: bazel-testlogs-${{ matrix.sanitizer_config }}
+          path: bazel-testlogs/**/test.log
+          if-no-files-found: warn
diff --git a/MODULE.bazel b/MODULE.bazel
index 390cd54..bcb6ad9 100644
--- a/MODULE.bazel
+++ b/MODULE.bazel
@@ -27,8 +27,8 @@ bazel_dep(name = "platforms", version = "1.0.0")
 
 # S-CORE process rules
 bazel_dep(name = "score_bazel_platforms", version = "0.0.4")
-bazel_dep(name = "score_docs_as_code", version = "2.2.0")
-bazel_dep(name = "score_tooling", version = "1.1.1")
+bazel_dep(name = "score_docs_as_code", version = "2.3.0")
+bazel_dep(name = "score_tooling", version = "1.1.0")
 bazel_dep(name = "score_rust_policies", version = "0.0.3")
 
 bazel_dep(name = "score_process", version = "1.4.0", dev_dependency = True)
diff --git a/quality/sanitizer/sanitizer.bazelrc b/quality/sanitizer/sanitizer.bazelrc
new file mode 100644
index 0000000..240e622
--- /dev/null
+++ b/quality/sanitizer/sanitizer.bazelrc
@@ -0,0 +1,29 @@
+# *******************************************************************************
+# Copyright (c) 2026 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# SPDX-License-Identifier: Apache-2.0
+# *******************************************************************************
+
+# ASan + UBSan + LSan
+test:asan_ubsan_lsan --config=x86_64-linux
+test:asan_ubsan_lsan --compilation_mode=dbg
+test:asan_ubsan_lsan --features=asan
+test:asan_ubsan_lsan --features=ubsan
+test:asan_ubsan_lsan --features=lsan
+test:asan_ubsan_lsan --platform_suffix=asan_ubsan_lsan
+test:asan_ubsan_lsan --test_env=ASAN_OPTIONS=exitcode=55:allow_addr2line=1:verbosity=1:detect_leaks=1:halt_on_error=1:allocator_may_return_null=1
+test:asan_ubsan_lsan --test_env=UBSAN_OPTIONS=exitcode=55:allow_addr2line=1:verbosity=1:print_stacktrace=1:halt_on_error=1
+
+# TSan
+test:tsan --config=x86_64-linux
+test:tsan --compilation_mode=dbg
+test:tsan --features=tsan
+test:tsan --platform_suffix=tsan
+test:tsan --test_env=TSAN_OPTIONS=exitcode=55:allow_addr2line=1:verbosity=1:halt_on_error=1:detect_deadlocks=1