diff --git a/build.gradle.kts b/build.gradle.kts
index 330dc566c64..a95732cd6a4 100644
--- a/build.gradle.kts
+++ b/build.gradle.kts
@@ -1,6 +1,17 @@
 plugins {
     id("org.openrewrite.build.root") version("latest.release")
     id("org.openrewrite.build.java-base") version("latest.release")
+    id("org.owasp.dependencycheck") version("latest.release")
+}
+
+configure<org.owasp.dependencycheck.gradle.extension.DependencyCheckExtension> {
+    analyzers.assemblyEnabled = false
+    analyzers.nodeAuditEnabled = false
+    analyzers.nodeEnabled = false
+    failBuildOnCVSS = System.getenv("FAIL_BUILD_ON_CVSS")?.toFloatOrNull() ?: 9.0F
+    format = System.getenv("DEPENDENCY_CHECK_FORMAT") ?: "HTML"
+    nvd.apiKey = System.getenv("NVD_API_KEY")
+    suppressionFile = "suppressions.xml"
 }
 
 repositories {
diff --git a/suppressions.xml b/suppressions.xml
new file mode 100644
index 00000000000..a301f5fb8c4
--- /dev/null
+++ b/suppressions.xml
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
+    <suppress until="2024-09-12">
+        <notes><![CDATA[
+        file name: okio-jvm-2.8.0.jar
+        sev: HIGH
+        reason: pinned while awaiting 5.x release
+        ]]></notes>
+        <packageUrl regex="true">^pkg:maven/com\.squareup\.okio/okio@.*$</packageUrl>
+        <cve>CVE-2023-3635</cve>
+    </suppress>
+    <suppress until="2024-09-12">
+        <notes><![CDATA[
+        file name: develocity-gradle-plugin-3.17.6.jar: junit-platform-engine-1.10.3.jar
+        sev: CRITICAL
+        reason: not applicable to the project
+        ]]></notes>
+        <cve>CVE-2023-45161</cve>
+        <cve>CVE-2023-45163</cve>
+        <cve>CVE-2023-5964</cve>
+    </suppress>
+    <suppress until="2024-09-12">
+        <notes><![CDATA[
+        file name: gradle-enterprise-gradle-plugin-3.17.6.jar
+        ]]></notes>
+        <packageUrl regex="true">^pkg:maven/com\.gradle/gradle-enterprise-gradle-plugin@.*$</packageUrl>
+        <cve>CVE-2019-11402</cve>
+        <cve>CVE-2019-11403</cve>
+        <cve>CVE-2021-41589</cve>
+        <cve>CVE-2023-49238</cve>
+        <cve>CVE-2022-25364</cve>
+        <cve>CVE-2020-15773</cve>
+        <cve>CVE-2020-15767</cve>
+    </suppress>
+</suppressions>
\ No newline at end of file