diff --git a/profiles/github/openssf_security_baseline.yaml b/profiles/github/openssf_security_baseline.yaml
index 785f1d4..5ab6c0d 100644
--- a/profiles/github/openssf_security_baseline.yaml
+++ b/profiles/github/openssf_security_baseline.yaml
@@ -30,6 +30,7 @@ repository:
     def: {}
 
   # (TODO) Credentials with minimal permissions
+  # TBD: https://github.com/stacklok/minder-rules-and-profiles/pull/126
 
   # Check for a Security Insights file in the repo
   - type: security_insights
@@ -53,7 +54,7 @@ repository:
         - slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml
 
   # (TODO) Hardened Workflows
-
+  
   # Static code analysis: CodeQL
   - type: codeql_enabled
     def:
diff --git a/rule-types/github/security_insights_dep_policy.yaml b/rule-types/github/security_insights_dep_policy.yaml
new file mode 100644
index 0000000..8a684f8
--- /dev/null
+++ b/rule-types/github/security_insights_dep_policy.yaml
@@ -0,0 +1,68 @@
+---
+version: v1
+type: rule-type
+name: security_insights_dep_policy
+severity:
+  value: low
+context:
+  provider: github
+description: |
+  Parses the repository's `SECURITY_INSIGHTS.yaml` file and looks for a 
+  pointer to a dependency policy.
+
+  [Security Insights](https://github.com/ossf/security-insights-spec/) is a 
+  specification that lets projects publish data and pointers to resources about
+  the repository, maintainers, releases and other security aspects in a 
+  machine-readable format to make it easy for automated tools to locate them.
+
+  This ruletype parses the security insights yaml and checks for a pointer to
+  the dependencies policy (`policy-url`). No attempt to retrieve it is done.
+
+guidance: |
+  If you have a security insights file (defaults to `SECURITY-INSIGHTS.yml`),
+  ensure that the dependency policy field is defined
+  (`dependencies.env-dependencies-policy.policy-url`).
+  
+  For more information on how to create one, refer to the SI specification at
+  https://github.com/ossf/security-insights-spec/
+def:
+  # Defines the section of the pipeline the rule will appear in.
+  # This will affect the template used to render multiple parts
+  # of the rule.
+  in_entity: repository
+  # Defines the schema for writing a rule with this rule being checked
+  # In this case there are no settings that need to be configured
+  rule_schema:
+    type: object
+    properties:
+      filename:
+        type: string
+        description: |
+          The path to the Security Insights file
+        default: SECURITY-INSIGHTS.yml
+    required:
+      - filename
+  # Defines the configuration for ingesting data relevant for the rule
+  ingest:
+    type: git
+    git: {}
+  eval:
+    type: rego
+    rego:
+      type: deny-by-default
+      def: |
+        package minder
+        import rego.v1
+
+        default allow := false
+        
+        allow if {  
+          file.exists(input.profile.filename)
+          sifile := file.read(input.profile.filename)
+          si := yaml.unmarshal(sifile)
+          si.dependencies["env-dependencies-policy"]["policy-url"] != ""
+        }
+  # Defines the configuration for alerting on the rule
+  alert:
+    type: security_advisory
+    security_advisory: {}