diff --git a/.github/workflows/vulncheck.yml b/.github/workflows/vulncheck.yml
new file mode 100644
index 00000000..6c2c453b
--- /dev/null
+++ b/.github/workflows/vulncheck.yml
@@ -0,0 +1,25 @@
+name: Vulnerability Check
+on: [ pull_request ]
+
+jobs:
+  govulncheck:
+    name: vulncheck
+    runs-on: ubuntu-latest
+    permissions: write-all
+    steps:
+      - id: govulncheck
+        uses: golang/govulncheck-action@v1
+        with:
+          go-version-file: go.mod
+          go-package: ./...
+          repo-checkout: true
+          output-format: text
+          output-file: govulncheck.out
+
+      - name: PR comment with file
+        uses: thollander/actions-comment-pull-request@v2
+        if: github.event_name == 'pull_request'
+        with:
+          filePath: govulncheck.out
+          comment_tag: Vulnerability Check
+          mode: "recreate"
diff --git a/Makefile b/Makefile
index c8d3614f..c6c962af 100644
--- a/Makefile
+++ b/Makefile
@@ -142,6 +142,10 @@ verify-gen: generate manifests mockgen ## Verify go generated files and CRDs are
 		echo "generated files are out of date, run make generate and/or make mockgen"; exit 1; \
 	fi
 
+.PHONY: vuln-check
+vuln-check: govulncheck ## Run govulncheck to check for known vulnerabilities in the code.
+	$(GOVULNCHECK) ./...
+
 ##@ Deployment
 
 
@@ -177,12 +181,15 @@ $(LOCALBIN):
 KUSTOMIZE ?= $(LOCALBIN)/kustomize
 CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen
 ENVTEST ?= $(LOCALBIN)/setup-envtest
+GOVULNCHECK ?= $(LOCALBIN)/govulncheck
 
 ## Tool Versions
 KUSTOMIZE_VERSION ?= v5.0.0
 CONTROLLER_TOOLS_VERSION ?= v0.16.5
 ENVTEST_VERSION ?= latest
+GOVULNCHECK_VERSION ?= latest
+
 
 KUSTOMIZE_INSTALL_SCRIPT ?= "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh"
 .PHONY: kustomize
 kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary. If wrong version is installed, it will be removed before downloading.
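Review bot: `permissions: write-all` on the govulncheck job hands the job's GITHUB_TOKEN every scope, while its two steps only read the repository and post a pull-request comment; the least-privilege form is `permissions:` / `  contents: read` / `  pull-requests: write`. Both third-party actions are referenced by mutable major tags (`golang/govulncheck-action@v1`, `thollander/actions-comment-pull-request@v2`), so a retagged release would run different code with that token; pinning each `uses:` to a full commit SHA, with the tag kept in a trailing comment, removes that exposure. The `if: github.event_name == 'pull_request'` on the comment step is redundant under `on: [ pull_request ]`, and it presumably also skips the comment when the scan step exits non-zero on a finding, which is exactly when the report in `govulncheck.out` is wanted; `if: always()` on that step would keep the comment posted in both cases, though confirm how the action behaves on findings before relying on that.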
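Review bot: `GOVULNCHECK_VERSION ?= latest` makes the scanner install non-reproducible and, together with the `--version | grep -q $(GOVULNCHECK_VERSION)` check in the `$(GOVULNCHECK)` rule of the following hunk, guarantees that the check never matches, so every `make vuln-check` re-runs `go install ...@latest` and resolves whatever module version is current at that moment. Pin it to a tagged release like the kustomize and controller-gen versions just above it, e.g. `GOVULNCHECK_VERSION ?= vX.Y.Z` (placeholder for the release you have verified), and bump it deliberately. `ENVTEST_VERSION ?= latest` in the context lines has the same property but is not part of this change.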
@@ -204,6 +211,12 @@ envtest: $(ENVTEST) ## Download envtest-setup locally if necessary.
 $(ENVTEST): $(LOCALBIN)
 	test -s $(LOCALBIN)/setup-envtest || GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-runtime/tools/setup-envtest@$(ENVTEST_VERSION)
 
+.PHONY: govulncheck
+govulncheck: $(GOVULNCHECK) ## Download govulncheck locally if necessary. If wrong version is installed, it will be overwritten.
+$(GOVULNCHECK): $(LOCALBIN)
+	test -s $(LOCALBIN)/govulncheck && $(LOCALBIN)/govulncheck --version | grep -q $(GOVULNCHECK_VERSION) || \
+	GOBIN=$(LOCALBIN) go install golang.org/x/vuln/cmd/govulncheck@$(GOVULNCHECK_VERSION)
+
 ##@ Test
 
 .PHONY: tilt-up
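Review bot: The version check `grep -q $(GOVULNCHECK_VERSION)` is an unanchored regex match, so a pinned `v1.1` would accept an installed `v1.1.3` or `v1.10`, and the recipe tests `$(LOCALBIN)/govulncheck` although the rule's target is `$(GOVULNCHECK)`, so a user override of `GOVULNCHECK` is neither checked nor produced by the `go install` into `GOBIN=$(LOCALBIN)` and the rule would re-run on every build. Matching the fixed string against the target itself covers both: `test -s $@ && $@ --version | grep -qF -- "$(GOVULNCHECK_VERSION)" || \`. The existing `$(ENVTEST)` rule in the context lines hard-codes the path the same way, so this follows the file's pattern rather than introducing it; if `govulncheck --version` reports the scanner as `govulncheck@vX.Y.Z`, as recent releases appear to, the fixed-string match still works, but verify the output format against the pinned release.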