diff --git a/.github/workflows/code-qualitiy.yml b/.github/workflows/code-qualitiy.yml
index 3f1524a1..d2cd8125 100644
--- a/.github/workflows/code-qualitiy.yml
+++ b/.github/workflows/code-qualitiy.yml
@@ -75,3 +75,31 @@ jobs:
 run: mvn --batch-mode --update-snapshots clean install
 - name: Run reproducibility check
 run: mvn clean install
+ dirty-waters:
+ runs-on:
+ ubuntu-latest
+ permissions:
+ pull-requests: write # To comment on a Pull Request
+ steps:
+ - name: Harden Runner
+ uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
+ with:
+ egress-policy: audit
+
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ submodules: true
+ - name: Setup JDK17
+ uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4.7.0
+ with:
+ java-version: '17'
+ distribution: 'temurin'
+ - name: Dirty Waters Analysis
+ uses: chains-project/dirty-waters-action@57e2b7be964e687bdab629460efb274053fe3b28 # v1.11.45
+ with:
+ github_token: ${{ secrets.GITHUB_TOKEN }}
+ package_manager: maven
+ gradual_report: false
+ debug: true
+ config: dirty-waters.json
+
diff --git a/dirty-waters.json b/dirty-waters.json
new file mode 100644
index 00000000..056689f6
--- /dev/null
+++ b/dirty-waters.json
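Review bot: The job-level `permissions` block grants only `pull-requests: write`, and declaring a job-level block sets every unlisted scope (including `contents`) to `none` for `GITHUB_TOKEN`; the `actions/checkout` step with `submodules: true` then has no read grant, which will fail on a private repository or private submodules and is worth stating explicitly either way: `permissions:` / `  contents: read` / `  pull-requests: write # To comment on a Pull Request`. The Harden Runner step uses `egress-policy: audit`, which only logs outbound connections; once a few audited runs show which hosts the Dirty Waters action and Maven actually reach, switching to `egress-policy: block` with an `allowed-endpoints` list is what stops a compromised dependency or action from exfiltrating the token. `debug: true` will put verbose action output into job logs that are public on a public repository, so confirm nothing beyond the already-masked token ends up there before leaving it on. The enclosing `jobs:` mapping and the workflow trigger start outside the hunk, so whether this job runs under `pull_request_target` with a write-capable token could not be checked here.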
@@ -0,0 +1,64 @@
+{
+ "ignore": {
+ "aopalliance:aopalliance@1.0": ["code_signature"],
+ "com.google.collections:google-collections@1.0": ["code_signature"],
+ "com.google.guava:guava@33.4.0-jre": ["source_code_sha"],
+ "commons-beanutils:commons-beanutils@1.7.0": ["source_code", "code_signature"],
+ "commons-chain:commons-chain@1.1": ["code_signature"],
+ "commons-cli:commons-cli@1.8.0": ["source_code_sha"],
+ "commons-codec:commons-codec@1.16.1": ["source_code_sha"],
+ "commons-codec:commons-codec@1.17.1": ["source_code_sha"],
+ "commons-codec:commons-codec@1.18.0": ["source_code_sha"],
+ "commons-digester:commons-digester@1.8": ["code_signature"],
+ "commons-io:commons-io@2.11.0": ["source_code_sha"],
+ "commons-io:commons-io@2.14.0": ["source_code_sha"],
+ "commons-io:commons-io@2.16.1": ["source_code_sha"],
+ "commons-io:commons-io@2.18.0": ["source_code_sha"],
+ "dom4j:dom4j@1.1": ["source_code", "code_signature"],
+ "io.github.crac:org-crac@0.1.3": ["source_code_sha"],
+ "io.vertx:vertx-auth-common@4.5.13": ["source_code_sha"],
+ "io.vertx:vertx-uri-template@4.5.13": ["source_code_sha"],
+ "io.vertx:vertx-web-client@4.5.13": ["source_code_sha"],
+ "io.vertx:vertx-web-common@4.5.13": ["source_code_sha"],
+ "jakarta.el:jakarta.el-api@5.0.1": ["source_code_sha"],
+ "jakarta.interceptor:jakarta.interceptor-api@2.2.0": ["source_code_sha"],
+ "jakarta.json:jakarta.json-api@2.1.3": ["source_code_sha"],
+ "javax.inject:javax.inject@1": ["code_signature"],
+ "om.kohlschutter.junixsocket:junixsocket-core@2.10.1": ["code_signature"],
+ "org.aesh:aesh@2.8.2": ["code_signature", "source_code_sha"],
+ "org.aesh:readline@2.6": ["code_signature"],
+ "org.apache.commons:commons-collections4@4.4": ["source_code_sha"],
+ "org.apache.commons:commons-compress@1.26.1": ["source_code_sha"],
+ "org.apache.commons:commons-compress@1.27.1": ["source_code_sha"],
+ "org.apache.commons:commons-lang3@3.12.0": ["source_code_sha"],
+ "org.apache.commons:commons-lang3@3.14.0": 
["source_code_sha"],
+ "org.apache.commons:commons-lang3@3.17.0": ["source_code_sha"],
+ "org.apache.httpcomponents:httpclient@4.5.14": ["source_code_sha"],
+ "org.apache.httpcomponents:httpcore@4.4.16": ["source_code_sha"],
+ "org.codehaus.plexus:plexus-i18n@1.0-beta-10": ["code_signature"],
+ "org.eclipse.sisu:org.eclipse.sisu.inject@0.9.0.M3": ["source_code_sha"],
+ "org.eclipse.sisu:org.eclipse.sisu.plexus@0.9.0.M3": ["source_code_sha"],
+ "org.iq80.snappy:snappy@0.4": ["source_code"],
+ "org.jboss.logging:commons-logging-jboss-logging@1.0.0.Final": ["code_signature"],
+ "org.jboss.logging:jboss-logging-annotations@3.0.4.Final": ["code_signature"],
+ "org.jboss.logging:jboss-logging@3.6.1.Final": ["code_signature"],
+ "org.jboss.logmanager:jboss-logmanager@3.1.2.Final": ["code_signature"],
+ "org.jboss.marshalling:jboss-marshalling@2.2.2.Final": ["source_code_sha"],
+ "org.jboss.slf4j:slf4j-jboss-logmanager@2.0.0.Final": ["code_signature", "source_code_sha"],
+ "org.jboss.threads:jboss-threads@3.8.0.Final": ["code_signature"],
+ "org.jdom:jdom2@2.0.6.1": ["source_code_sha"],
+ "org.junit.platform:junit-platform-commons@1.10.5": ["source_code_sha"],
+ "org.junit.platform:junit-platform-engine@1.10.5": ["source_code_sha"],
+ "org.junit.platform:junit-platform-launcher@1.10.5": ["source_code_sha"],
+ "org.sonatype.plexus:plexus-cipher@1.4": ["source_code"],
+ "org.sonatype.plexus:plexus-sec-dispatcher@1.3": ["source_code"],
+ "org.twdata.maven:mojo-executor@2.4.0": ["source_code_sha"],
+ "org.wildfly.common:wildfly-common@2.0.1": ["code_signature"],
+ "oro:oro@2.0.8": ["source_code", "code_signature"]
+ },
+ "ignore-if-parent": {
+ "com.diffplug.spotless:spotless-maven-plugin@2.44.3": ["source_code_sha"],
+ "org.apache.maven.plugins:maven-artifact-plugin@3.6.0": ["source_code_sha"],
+ "org.apache.maven.plugins:maven-site-plugin@3.21.0": ["source_code_sha"]
+ }
+}
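Review bot: The `ignore` key `om.kohlschutter.junixsocket:junixsocket-core@2.10.1` looks like a typo for the Maven group `com.kohlschutter.junixsocket` (leading `c` missing), so that suppression will most likely never match and the `code_signature` finding for junixsocket-core will keep firing; check the coordinate against the dependency tree and correct it to `"com.kohlschutter.junixsocket:junixsocket-core@2.10.1": ["code_signature"],`. More broadly, this file silences `code_signature`, `source_code` and `source_code_sha` findings for roughly sixty artifacts with no recorded reason, and strict JSON leaves no room for comments, so the justification for each class of exception (in particular the very old entries such as `commons-beanutils@1.7.0` and `dom4j@1.1`, which presumably have no retrievable source to compare against) belongs in the PR description or a sibling README so the list can be re-reviewed rather than cargo-culted. Since every entry is pinned to an exact version, a dependency bump silently drops its suppression and the finding reappears; that is the right fail-closed behaviour, but maintainers should expect to revisit this file on each upgrade.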