diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 5e372655..ac1f5f2c 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -1,10 +1,6 @@
 name: CI
-on:
- push:
- branches: [ master, community ]
- pull_request:
- branches: [ master, community ]
+on: [push, pull_request]
 jobs:
 test:
@@ -39,3 +35,23 @@ jobs:
 bundle install --jobs 4 --retry 3
 bin/rails db:prepare
 bin/rails test
+
+ lint:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v3
+ - name: Install Ruby and gems
+ uses: ruby/setup-ruby@v1
+ with:
+ ruby-version: 3.1.x
+ bundler-cache: true
+
+ - name: Security audit dependencies
+ run: bin/bundler-audit --update
+
+ - name: Security audit application code
+ run: bin/brakeman -q -w3
+
+ - name: Lint Ruby files
+ run: bundle exec rubocop --parallel
diff --git a/Gemfile b/Gemfile
index 0f19c213..71f6bf46 100644
--- a/Gemfile
+++ b/Gemfile
@@ -47,17 +47,19 @@ gem 'pundit'
 gem 'devise-i18n'
 gem 'doorkeeper-i18n'
 gem 'rails-i18n'
-gem 'rubocop', require: false
 group :development, :test do
 # Call 'byebug' anywhere in the code to stop execution and get a debugger console
+ gem 'brakeman'
+ gem 'bundler-audit'
 gem 'byebug', platform: %i[mri mingw x64_mingw]
 gem 'factory_bot_rails'
+ gem 'rubocop'
+ gem 'rubocop-rails', require: false
 end
 group :development do
 # gem 'listen', '~> 3.2.1'
- gem 'rubocop-rails', require: false
 # Spring speeds up development by keeping your application running in the background. Read more: https://github.com/rails/spring
 # gem 'spring'
 # gem 'spring-watcher-listen', '~> 2.0.0'
diff --git a/Gemfile.lock b/Gemfile.lock
index 16ac2566..402222e9 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -72,7 +72,11 @@ GEM
 bcrypt (3.1.18)
 bootsnap (1.13.0)
 msgpack (~> 1.2)
+ brakeman (6.0.1)
 builder (3.2.4)
+ bundler-audit (0.9.1)
+ bundler (>= 1.2.0, < 3)
+ thor (~> 1.0)
 byebug (11.1.3)
 carrierwave (2.1.1)
 activemodel (>= 5.0.0)
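Review bot: In the first hunk of `.github/workflows/ci.yml`, `on: [push, pull_request]` drops the branch filter, so every job now runs for pushes to any branch and for pull requests against any base, and no `permissions:` key is visible at the top of the workflow to bound the GITHUB_TOKEN those runs receive. Adding a top-level `permissions:` block with `contents: read` would limit the token to what checkout, the tests and the linters need. A branch pushed to this repository that also has an open pull request will trigger both events, so each job runs twice for the same commit unless `push` keeps a filter such as the removed `branches: [ master, community ]`. The `test` job lies outside the hunk, so a job-level `permissions:` setting there would not be visible from here.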
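Review bot: In the new `lint` job, `bin/brakeman -q -w3` raises the minimum confidence level to high, so medium- and weak-confidence Brakeman warnings are neither reported nor able to fail the build. For a step named as a security audit I would run `bin/brakeman -q -w2` (or drop `-w`) and record reviewed false positives in `config/brakeman.ignore` rather than filtering by confidence. The two `uses:` lines reference mutable tags (`actions/checkout@v3`, `ruby/setup-ruby@v1`); pinning each to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v3`, keeps a moved tag from changing what this job executes. The steps call `bin/bundler-audit` and `bin/brakeman`, and no binstubs are added in the visible part of this commit, so confirm they exist in the repository or invoke the tools through `bundle exec`.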
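Review bot: In the `Gemfile` hunk, the three command-line tools added to the `:development, :test` group (`gem 'brakeman'`, `gem 'bundler-audit'`, `gem 'rubocop'`) are declared without `require: false`, although the removed top-level line was `gem 'rubocop', require: false`. If the application boots through `Bundler.require` (the Rails default, not visible here), these gems will be loaded into every development and test process even though they are only run from the command line. I would declare them as `gem 'brakeman', require: false`, `gem 'bundler-audit', require: false` and `gem 'rubocop', require: false`, matching the `rubocop-rails` line in the same group. The `group :development do` block continues past the end of the hunk.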
@@ -256,6 +260,8 @@ PLATFORMS
 DEPENDENCIES
 bcrypt (~> 3.1.13)
 bootsnap (>= 1.4.5)
+ brakeman
+ bundler-audit
 byebug
 carrierwave (~> 2.1.1)
 carrierwave-base64 (~> 2.8.0)