diff --git a/.github/workflows/audit_rust.yml b/.github/workflows/audit_rust.yml
new file mode 100644
index 00000000..bf80d985
--- /dev/null
+++ b/.github/workflows/audit_rust.yml
@@ -0,0 +1,26 @@
+---
+name: Audit Rust code
+
+on:
+ push:
+ branches: ["**"]
+ paths:
+ - "**/Cargo.toml"
+ - "**/Cargo.lock"
+ - "**/deny.toml"
+ schedule:
+ - cron: "43 1 * * *"
+ workflow_dispatch:
+
+jobs:
+ rust_audit:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ submodules: recursive
+
+ - uses: EmbarkStudios/cargo-deny-action@v1
+ with:
+ credentials: https://fiberplanebot:${{ secrets.PRIVATE_GITHUB_TOKEN }}@github.com/
diff --git a/deny.toml b/deny.toml
new file mode 100644
index 00000000..8d13c457
--- /dev/null
+++ b/deny.toml
@@ -0,0 +1,49 @@
+[advisories]
+ignore = []
+yanked = "deny"
+
+[licenses]
+allow = [
+ "0BSD",
+ "Apache-2.0 WITH LLVM-exception",
+ "Apache-2.0",
+ "BSD-2-Clause",
+ "BSD-3-Clause",
+ "CC0-1.0",
+ "ISC",
+ "MIT",
+ "MPL-2.0",
+ "OpenSSL",
+ "Unicode-DFS-2016",
+ "Unlicense",
+ "WTFPL",
+ "Zlib",
+]
+confidence-threshold = 0.8
+exceptions = []
+
+[[licenses.clarify]]
+crate = "ring"
+expression = "MIT AND ISC AND OpenSSL"
+license-files = [{ path = "LICENSE", hash = 0xbd0eed23 }]
+
+[licenses.private]
+ignore = true
+
+[bans]
+multiple-versions = "allow"
+wildcards = "allow"
+highlight = "all"
+workspace-default-features = "allow"
+external-default-features = "allow"
+
+deny = []
+
+[sources]
+unknown-registry = "deny"
+unknown-git = "deny"
+allow-registry = ["https://github.com/rust-lang/crates.io-index"]
+allow-git = []
+
+[sources.allow-org]
+github = ["fiberplane", "autometrics-dev"]
diff --git a/examples/example-plugin/Cargo.toml b/examples/example-plugin/Cargo.toml
index 8b8ab34c..97005bf8 100644
--- a/examples/example-plugin/Cargo.toml
+++ b/examples/example-plugin/Cargo.toml
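Review bot: In `.github/workflows/audit_rust.yml`, the `EmbarkStudios/cargo-deny-action@v1` step receives `secrets.PRIVATE_GITHUB_TOKEN` through `credentials` while the action is referenced by a mutable tag, so whatever `v1` resolves to at run time is given the token. Pin the step to a full commit SHA, e.g. `uses: EmbarkStudios/cargo-deny-action@<full-commit-sha>  # v1`, and do the same for `actions/checkout@v4`. The workflow also declares no `permissions:` block, so the job's `GITHUB_TOKEN` takes the repository default; a top-level `permissions:` with `contents: read` keeps it read-only. Because the job runs on pushes to every branch, the PAT behind that secret should be limited to read access on the repositories the git dependencies need; its scope is not visible from this diff.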
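Review bot: In `deny.toml`, `[sources.allow-org]` accepts any git repository under the `fiberplane` and `autometrics-dev` organisations, but nothing requires those git dependencies to be pinned, so a dependency that tracks a branch resolves to whatever that branch holds the next time the lockfile is updated. Consider adding `required-git-spec = "rev"` under `[sources]`. In `[bans]`, `wildcards = "allow"` lets `*` version requirements pass unreported; `wildcards = "deny"` (or `"warn"`) would surface them. A short comment above `[licenses.private]` stating that `ignore = true` skips licence checks for unpublished workspace crates would explain why the same commit adds `publish = false` to the example and xtask manifests.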
@@ -3,6 +3,7 @@ authors = ["Fiberplane "]
 edition = "2018"
 name = "example-plugin"
 version = "0.1.0"
+publish = false
 [lib]
 crate-type = ["cdylib"]
diff --git a/examples/example-protocol/Cargo.toml b/examples/example-protocol/Cargo.toml
index 2ccb66ba..5a511ee3 100644
--- a/examples/example-protocol/Cargo.toml
+++ b/examples/example-protocol/Cargo.toml
@@ -3,6 +3,7 @@ authors = ["Fiberplane "]
 edition = "2018"
 name = "example-protocol"
 version = "0.1.0"
+publish = false
 [dependencies]
 bytes = { version = "1", features = ["serde"] }
diff --git a/examples/example-rust-wasmer2-runtime/Cargo.toml b/examples/example-rust-wasmer2-runtime/Cargo.toml
index aabda45e..31de67db 100644
--- a/examples/example-rust-wasmer2-runtime/Cargo.toml
+++ b/examples/example-rust-wasmer2-runtime/Cargo.toml
@@ -2,6 +2,7 @@
 edition = "2021"
 name = "example-rust-wasmer2-runtime"
 version = "0.1.0"
+publish = false
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
diff --git a/examples/redux-example/Cargo.toml b/examples/redux-example/Cargo.toml
index bdb6e9c8..293429bb 100644
--- a/examples/redux-example/Cargo.toml
+++ b/examples/redux-example/Cargo.toml
@@ -3,6 +3,7 @@ authors = ["Fiberplane "]
 edition = "2018"
 name = "redux-example"
 version = "0.1.0"
+publish = false
 [dependencies]
 fp-bindgen = {path = "../../fp-bindgen"}
diff --git a/xtask/Cargo.toml b/xtask/Cargo.toml
index 415360b6..4a03c1a3 100644
--- a/xtask/Cargo.toml
+++ b/xtask/Cargo.toml
@@ -2,6 +2,7 @@
 name = "fp-bindgen-xtask"
 version = "0.1.0"
 edition = "2021"
+publish = false
 [dependencies]
 anyhow = "1"