diff --git a/.github/actions/security/lockfile/action.yml b/.github/actions/security/lockfile/action.yml
new file mode 100644
index 0000000000..9eb24ffcef
--- /dev/null
+++ b/.github/actions/security/lockfile/action.yml
@@ -0,0 +1,24 @@
+name: 'Analyze lockfile dependencies'
+description: 'Parse dependencies from the yarn lockfile and run security tests on them'
+inputs:
+ path:
+ description: 'Path to the yarn lockfile'
+ required: false
+ default: 'yarn.lock'
+ type:
+ description: 'Lockfile type, either yarn or npm'
+ default: 'yarn'
+ required: false
+ allowedHosts:
+ description: 'Allowed hosts for packages resolution'
+ required: false
+ default: 'https://registry.yarnpkg.com'
+runs:
+ using: 'composite'
+ steps:
+ - run: $GITHUB_ACTION_PATH/script.sh
+ env:
+ LOCKFILE_PATH: ${{ inputs.path }}
+ LOCKFILE_TYPE: ${{ inputs.type }}
+ LOCKFILE_ALLOWED_HOSTS: ${{ inputs.allowedHosts }}
+ shell: bash
diff --git a/.github/actions/security/lockfile/script.sh b/.github/actions/security/lockfile/script.sh
new file mode 100755
index 0000000000..1a6db6d0c5
--- /dev/null
+++ b/.github/actions/security/lockfile/script.sh
@@ -0,0 +1,7 @@
+yarn global add lockfile-lint
+
+lockfile-lint \
+ --type $LOCKFILE_TYPE \
+ --path $LOCKFILE_PATH \
+ --allowed-hosts $LOCKFILE_ALLOWED_HOSTS \
+ --validate-https
diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml
index c5dd384ccf..cdbee9aa48 100644
--- a/.github/workflows/checks.yml
+++ b/.github/workflows/checks.yml
@@ -17,3 +17,8 @@ jobs:
 steps:
 - uses: actions/checkout@v2
 - uses: ./.github/actions/check-pr-status
+ security-lockfile-analysis:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - uses: ./.github/actions/security/lockfile
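Review bot: The `allowedHosts` input is documented only as 'Allowed hosts for packages resolution', which tells a caller nothing about whether more than one host can be supplied or in what form, even though the value is forwarded verbatim to the script's `--allowed-hosts` flag. Spell the contract out in the input, e.g. `description: 'Registry host(s) packages may resolve from; several hosts are whitespace-separated'` — on the assumption that script.sh keeps word-splitting that variable, which should be confirmed there. The step's `run: $GITHUB_ACTION_PATH/script.sh` is also unquoted; `run: '"$GITHUB_ACTION_PATH/script.sh"'` keeps it safe for a checkout path containing spaces. Finally, the action `description` and the `path` description say "yarn lockfile" while `type` explicitly accepts `npm`; 'Path to the lockfile (yarn.lock or package-lock.json)' would match the inputs as declared.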
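Review bot: `yarn global add lockfile-lint` installs an unpinned, latest-at-run-time package, so a check whose purpose is supply-chain hygiene itself trusts whatever the registry serves on each run; pin it to a specific version (and ideally verify it against the repository's own lockfile rather than a global install). The script also has no shebang and no `set -euo pipefail`, and `$LOCKFILE_TYPE` / `$LOCKFILE_PATH` are expanded unquoted; with `shell: bash` the `-eo pipefail` of the wrapper applies to the wrapper, not to this file, so a failed install is not guaranteed to fail the step on its own. `$LOCKFILE_ALLOWED_HOSTS` is left unquoted below on the assumption that whitespace-splitting into several hosts is intended — if a single host is always meant, quote it too. It is also worth confirming that lockfile-lint accepts the scheme-prefixed default `https://registry.yarnpkg.com` for `--allowed-hosts` rather than a bare hostname; a mismatch would fail the job rather than pass silently, but the default should be known-good.
```shell
#!/usr/bin/env bash
# Fail on any error, unset variable or broken pipe so an install failure
# cannot be misreported as a passing lint.
set -euo pipefail

# Pin the linter: a supply-chain check must not itself pull "latest".
yarn global add "lockfile-lint@<pinned-version>"

# Allowed hosts are intentionally unquoted: the flag is variadic and the
# input is whitespace-separated.
lockfile-lint \
  --type "$LOCKFILE_TYPE" \
  --path "$LOCKFILE_PATH" \
  --allowed-hosts $LOCKFILE_ALLOWED_HOSTS \
  --validate-https
```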
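Review bot: The new `security-lockfile-analysis` job declares no `permissions:`, so its `GITHUB_TOKEN` inherits whatever the workflow or repository default grants; the workflow's top-level `permissions:` is outside this hunk, so that default may be broad. A job that only checks out the repository and reads a lockfile needs nothing more than `permissions:` / `  contents: read`, placed under `runs-on`. `actions/checkout@v2` matches the sibling job, but pinning both uses to a commit SHA would be the consistent next step for a job whose purpose is supply-chain hygiene. The enclosing `jobs:` mapping starts before this hunk.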