diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml
new file mode 100644
index 00000000..88284443
--- /dev/null
+++ b/.github/workflows/audit.yml
@@ -0,0 +1,28 @@
+# Audits the code regularly e.g. for bad dependencies and security advisories
+# This Workflow is different from `qc.yml`:
+# - runs regularly
+# - does not work on the code itself but on its depdencies
+
+name: Audit
+
+on:
+  pull_request:
+  push:
+    paths:
+      - "**/Cargo.toml"
+      - "**/Cargo.lock"
+      - ".github/workflows/audit.yml"
+    # branches: [main]
+  schedule:
+    - cron: "0 3 * * *"
+
+
+jobs:
+  cargo-deny:
+    runs-on: ubicloud-standard-2-ubuntu-2404
+    steps:
+      - uses: actions/checkout@v6
+      - uses: EmbarkStudios/cargo-deny-action@v2
+        with:
+          command: check
+          arguments: --all-features
diff --git a/.github/workflows/qc.yaml b/.github/workflows/qc.yaml
index d4cb660d..6eae4ece 100644
--- a/.github/workflows/qc.yaml
+++ b/.github/workflows/qc.yaml
@@ -64,14 +64,6 @@ jobs:
       - name: Check rp.1
         run: doc/check.sh doc/rp.1
 
-  cargo-audit:
-    runs-on: ubicloud-standard-2-ubuntu-2404
-    steps:
-      - uses: actions/checkout@v5
-      - uses: actions-rs/audit-check@v1
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-
   cargo-clippy:
     runs-on: ubicloud-standard-2-ubuntu-2404
     steps: