diff --git a/.github/workflows/ci-unwelcome-words.yml b/.github/workflows/ci-unwelcome-words.yml
index 4e5f3a6..12ffb5e 100644
--- a/.github/workflows/ci-unwelcome-words.yml
+++ b/.github/workflows/ci-unwelcome-words.yml
@@ -5,6 +5,7 @@ on:
 
 jobs:
   test:
+    if: github.actor != 'dependabot[bot]'
     runs-on: ubuntu-20.04
     steps:
     - uses: actions/checkout@v4
diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml
new file mode 100644
index 0000000..613d18d
--- /dev/null
+++ b/.github/workflows/scan.yml
@@ -0,0 +1,12 @@
+name: Scan licenses and vulnerabilities in java project
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 0 * * 1'
+
+jobs:
+  build:
+    uses: th2-net/.github/.github/workflows/compound-java-scan.yml@main
+    secrets:
+      nvd-api-key: ${{ secrets.NVD_APIKEY }}
\ No newline at end of file