diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml
index 273453e..5e8e436 100644
--- a/.github/workflows/rust.yml
+++ b/.github/workflows/rust.yml
@@ -18,6 +18,12 @@ jobs:
     - name: Check formatting
       run: cargo fmt --all -- --check
 
+  cargo-deny:
+      runs-on: ubuntu-latest
+      steps:
+        - uses: actions/checkout@v6
+        - uses: EmbarkStudios/cargo-deny-action@v2
+
   build:
     name: Fedora tests
     runs-on: ubuntu-latest
diff --git a/deny.toml b/deny.toml
index 55850ee..3af65bf 100644
--- a/deny.toml
+++ b/deny.toml
@@ -1,9 +1,24 @@
+[graph]
 targets = [
     { triple = "x86_64-unknown-linux-gnu" },
     { triple = "aarch64-unknown-linux-gnu" },
     { triple = "x86_64-unknown-linux-musl" },
 ]
 
+[advisories]
+db-path = "~/.cargo/advisory-db"
+db-urls = ["https://github.com/rustsec/advisory-db"]
+# we still use serde_cbor for packed CBOR format
+ignore = ["RUSTSEC-2021-0127"]
+
 [licenses]
-unlicensed = "deny"
-allow = ["GPL-3.0-or-later", "MIT", "ISC", "Unicode-DFS-2016", "BSD-2-Clause", "BSD-3-Clause"]
\ No newline at end of file
+allow = [
+    "Apache-2.0",
+    "GPL-3.0-or-later",
+    "MIT",
+    "ISC",
+    "Unicode-3.0",
+    "Unicode-DFS-2016",
+    "BSD-2-Clause",
+    "BSD-3-Clause"
+]