diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 9cd062a48..bde98d682 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -44,6 +44,15 @@ jobs:
           echo "strategy=$strategy" >> "$GITHUB_OUTPUT"
           jq . <<<"$strategy" # sanity check / debugging aid
 
+     -
+      name: Set up CoPilot JDK
+      uses: actions/setup-java@v1
+      with:
+        java-version: 1.8
+     -
+      name: Upload to CoPilot
+      if: github.event_name == 'push' || github.event_name == 'pull_request' || github.event_name == 'workflow_dispatch'
+      run: bash <(curl -s https://copilot.blackducksoftware.com/ci/githubactions/scripts/upload)
   test:
     needs: generate-jobs
     strategy: ${{ fromJson(needs.generate-jobs.outputs.strategy) }}
@@ -62,4 +71,4 @@ jobs:
       - name: Test ${{ matrix.name }}
         run: ${{ matrix.runs.test }}
       - name: '"docker images"'
-        run: ${{ matrix.runs.images }}
+        run: ${{ matrix.runs.images }}
\ No newline at end of file
diff --git a/.github/workflows/updates.yml b/.github/workflows/updates.yml
new file mode 100644
index 000000000..5e8169faf
--- /dev/null
+++ b/.github/workflows/updates.yml
@@ -0,0 +1,15 @@
+name: 'Dependency Review'
+on: [pull_request]
+
+permissions:
+  contents: read
+
+jobs:
+  dependency-review:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Checkout Repository'
+        uses: actions/checkout@v3
+      - name: 'Dependency Review'
+        uses: actions/dependency-review-action@v3
+