diff --git a/.github/workflows/code-qualitiy.yml b/.github/workflows/code-qualitiy.yml
index 1bcfb336e..47f0e4873 100644
--- a/.github/workflows/code-qualitiy.yml
+++ b/.github/workflows/code-qualitiy.yml
@@ -97,3 +97,36 @@ jobs:
 - name: Run reproducibility check
 run: mvn clean install
+ dirty-waters:
+ runs-on:
+ ubuntu-latest
+ permissions:
+ pull-requests: write # To comment on a Pull Request
+ steps:
+ - name: Harden Runner
+ uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
+ with:
+ egress-policy: audit
+
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ submodules: true
+
+ - name: Verify action checksums
+ uses: ./.github/actions/ghasum
+
+ - name: Setup JDK17
+ uses: actions/setup-java@v4.7.1
+ with:
+ java-version: '17'
+ distribution: 'temurin'
+
+ - name: Dirty Waters Analysis
+ uses: chains-project/dirty-waters-action@v1.11.48
+ with:
+ github_token: ${{ secrets.GITHUB_TOKEN }}
+ package_manager: maven
+ gradual_report: false
+ debug: true
+ config: dirty-waters.json
+
diff --git a/.github/workflows/gha.sum b/.github/workflows/gha.sum
index 7ff579f3a..bd4450605 100755
--- a/.github/workflows/gha.sum
+++ b/.github/workflows/gha.sum
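Review bot: `chains-project/dirty-waters-action@v1.11.48` and `actions/setup-java@v4.7.1` are referenced by mutable tag while the other two third-party steps of the new `dirty-waters` job (`harden-runner`, `checkout`) are pinned to a commit SHA with the version in a trailing comment; since the dirty-waters step receives `secrets.GITHUB_TOKEN` under `pull-requests: write`, it deserves the same treatment, e.g. `uses: chains-project/dirty-waters-action@<commit-sha> # v1.11.48`. The `Verify action checksums` step together with the gha.sum entries does catch a retargeted tag before those two steps run, so this is about consistency and making the pin readable in the workflow itself rather than an unmitigated gap. Because the job declares a `permissions` block, every unlisted scope is set to none; that should be fine for checking out a public repository, but a private one would additionally need `contents: read`. Minor style: `runs-on:` followed by `ubuntu-latest` on the next line parses as a single folded scalar but reads like a nested value; write `runs-on: ubuntu-latest` as the other jobs presumably do.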
@@ -6,8 +6,10 @@ actions/dependency-review-action@v4.7.1 hJDiqW4455iVs8gVcWjiEbjhuvh0oXQKy9fN/BGF
 actions/setup-go@v5.5.0 vSiNC7HetrtPF3QhZDzPHWyJ1e8pFltzruLjcw65Sok=
 actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 XE1eqHfEOlHsHx+3cUQA1OGC3jxGBnmx7eTIdEzwSoI=
 actions/setup-java@v4.7.1 cKZQn6p38RgADB4MCMpbFp94sScgm/u3B7rEDB9QS5I=
+actions/setup-python@v5.6.0 MTHBGEHwb+MeIw3xRLiVuM/uyRfuK8hlVXL+Z/yEA8c=
 actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 kZHHfo2NsxevBRTKrZnUpDu0Cxgtj5Vooe4x4rylvg8=
 actions/upload-artifact@v4.6.2 kZHHfo2NsxevBRTKrZnUpDu0Cxgtj5Vooe4x4rylvg8=
+chains-project/dirty-waters-action@v1.11.48 BlbW87cG7BWyVwIVCVZ404lqjY7rTn4kW8qvMsJMUTw=
 github/codeql-action@fca7ace96b7d713c7035871441bd52efbe39e27e isV5lqC6wkNvVt39ZRMEzeObQFeIfinccYsbjv7/JTc=
 github/codeql-action@v3.28.19 isV5lqC6wkNvVt39ZRMEzeObQFeIfinccYsbjv7/JTc=
 jreleaser/release-action@2.4.2 Ixc/05XDYYHGUvtC6Jt9gB/mpHPIwBX7PR8At1yEWSs=
diff --git a/dirty-waters.json b/dirty-waters.json
new file mode 100644
index 000000000..379a13c5d
--- /dev/null
+++ b/dirty-waters.json
@@ -0,0 +1,65 @@
+{
+ "ignore": {
+ "aopalliance:aopalliance@1.0": ["code_signature"],
+ "com.google.collections:google-collections@1.0": ["code_signature"],
+ "com.google.guava:guava@33.4.0-jre": ["source_code_sha"],
+ "com.kohlschutter.junixsocket:junixsocket-core@2.10.1": ["code_signature"],
+ "commons-beanutils:commons-beanutils@1.7.0": ["source_code", "code_signature"],
+ "commons-chain:commons-chain@1.1": ["code_signature"],
+ "commons-cli:commons-cli@1.8.0": ["source_code_sha"],
+ "commons-codec:commons-codec@1.16.1": ["source_code_sha"],
+ "commons-codec:commons-codec@1.17.1": ["source_code_sha"],
+ "commons-codec:commons-codec@1.18.0": ["source_code_sha"],
+ "commons-digester:commons-digester@1.8": ["code_signature"],
+ "commons-io:commons-io@2.11.0": ["source_code_sha"],
+ "commons-io:commons-io@2.14.0": ["source_code_sha"],
+ "commons-io:commons-io@2.16.1": ["source_code_sha"],
+ "commons-io:commons-io@2.18.0": ["source_code_sha"],
+ "dom4j:dom4j@1.1": ["source_code", "code_signature"],
+ "io.github.crac:org-crac@0.1.3": ["source_code_sha"],
+ "io.vertx:vertx-auth-common@4.5.13": ["source_code_sha"],
+ "io.vertx:vertx-uri-template@4.5.13": ["source_code_sha"],
+ "io.vertx:vertx-web-client@4.5.13": ["source_code_sha"],
+ "io.vertx:vertx-web-common@4.5.13": ["source_code_sha"],
+ "jakarta.el:jakarta.el-api@5.0.1": ["source_code_sha"],
+ "jakarta.interceptor:jakarta.interceptor-api@2.2.0": ["source_code_sha"],
+ "jakarta.json:jakarta.json-api@2.1.3": ["source_code_sha"],
+ "javax.inject:javax.inject@1": ["code_signature"],
+ "om.kohlschutter.junixsocket:junixsocket-core@2.10.1": ["code_signature"],
+ "org.aesh:aesh@2.8.2": ["code_signature", "source_code_sha"],
+ "org.aesh:readline@2.6": ["code_signature"],
+ "org.apache.commons:commons-collections4@4.4": ["source_code_sha"],
+ "org.apache.commons:commons-compress@1.26.1": ["source_code_sha"],
+ "org.apache.commons:commons-compress@1.27.1": ["source_code_sha"],
+ "org.apache.commons:commons-lang3@3.12.0": ["source_code_sha"],
+ "org.apache.commons:commons-lang3@3.14.0": ["source_code_sha"],
+ "org.apache.commons:commons-lang3@3.17.0": ["source_code_sha"],
+ "org.apache.httpcomponents:httpclient@4.5.14": ["source_code_sha"],
+ "org.apache.httpcomponents:httpcore@4.4.16": ["source_code_sha"],
+ "org.codehaus.plexus:plexus-i18n@1.0-beta-10": ["code_signature"],
+ "org.eclipse.sisu:org.eclipse.sisu.inject@0.9.0.M3": ["source_code_sha"],
+ "org.eclipse.sisu:org.eclipse.sisu.plexus@0.9.0.M3": ["source_code_sha"],
+ "org.iq80.snappy:snappy@0.4": ["source_code"],
+ "org.jboss.logging:commons-logging-jboss-logging@1.0.0.Final": ["code_signature"],
+ "org.jboss.logging:jboss-logging-annotations@3.0.4.Final": ["code_signature"],
+ "org.jboss.logging:jboss-logging@3.6.1.Final": ["code_signature"],
+ "org.jboss.logmanager:jboss-logmanager@3.1.2.Final": ["code_signature"],
+ "org.jboss.marshalling:jboss-marshalling@2.2.2.Final": ["source_code_sha"],
+ "org.jboss.slf4j:slf4j-jboss-logmanager@2.0.0.Final": ["code_signature", "source_code_sha"],
+ "org.jboss.threads:jboss-threads@3.8.0.Final": ["code_signature"],
+ "org.jdom:jdom2@2.0.6.1": ["source_code_sha"],
+ "org.junit.platform:junit-platform-commons@1.10.5": ["source_code_sha"],
+ "org.junit.platform:junit-platform-engine@1.10.5": ["source_code_sha"],
+ "org.junit.platform:junit-platform-launcher@1.10.5": ["source_code_sha"],
+ "org.sonatype.plexus:plexus-cipher@1.4": ["source_code"],
+ "org.sonatype.plexus:plexus-sec-dispatcher@1.3": ["source_code"],
+ "org.twdata.maven:mojo-executor@2.4.0": ["source_code_sha"],
+ "org.wildfly.common:wildfly-common@2.0.1": ["code_signature"],
+ "oro:oro@2.0.8": ["source_code", "code_signature"]
+ },
+ "ignore-if-parent": {
+ "com.diffplug.spotless:spotless-maven-plugin@2.44.3": ["source_code_sha"],
+ "org.apache.maven.plugins:maven-artifact-plugin@3.6.0": ["source_code_sha"],
+ "org.apache.maven.plugins:maven-site-plugin@3.21.0": ["source_code_sha"]
+ }
+}
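Review bot: The key `"om.kohlschutter.junixsocket:junixsocket-core@2.10.1"` looks like a typo of the `"com.kohlschutter.junixsocket:junixsocket-core@2.10.1"` entry earlier in the same `ignore` map, so it almost certainly never matches an artifact and should be dropped. More importantly, the file silences `code_signature` and `source_code_sha` findings for 56 artifacts, and for six of them (`commons-beanutils@1.7.0`, `dom4j@1.1`, `org.iq80.snappy:snappy@0.4`, `plexus-cipher@1.4`, `plexus-sec-dispatcher@1.3`, `oro@2.0.8`) the `source_code` check itself, i.e. they are accepted with no verifiable source at all, yet no reason is recorded anywhere and JSON cannot carry comments. The rationale for each class of exception, an owner, and a date to re-review it belong in the PR description or a short README next to `dirty-waters.json`, otherwise the list tends to grow and never shrink. Pinning every key to an exact version is the right call, since a dependency bump resurfaces the finding instead of inheriting the exception.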