diff --git a/.github/workflows/cargo-audit.yml b/.github/workflows/cargo-audit.yml
new file mode 100644
index 00000000..3b8aadc7
--- /dev/null
+++ b/.github/workflows/cargo-audit.yml
@@ -0,0 +1,26 @@
+name: Security audit
+on:
+  push:
+    branches:
+      - master
+    tags:
+      - "v*"
+    paths:
+      - '**/Cargo.toml'
+      - '**/Cargo.lock'
+  pull_request:
+    paths:
+      - '**/Cargo.toml'
+      - '**/Cargo.lock'
+  workflow_dispatch:
+    branches:
+      - master
+
+jobs:
+  security_audit:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions-rs/audit-check@v1.4.1
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml
index b315e909..2b02c8a2 100644
--- a/.github/workflows/rust.yml
+++ b/.github/workflows/rust.yml
@@ -20,8 +20,6 @@ jobs:
       run: cargo fmt --all -- --check
     - name: Check for panics
       run: ./tests/nopanic.ci
-    - name: Run cargo audit
-      run: cargo audit
 
   tests:
     name: Fedora tests