diff --git a/.github/workflows/python.yml b/.github/workflows/python.yml
index ea07c7f3..5d77350a 100644
--- a/.github/workflows/python.yml
+++ b/.github/workflows/python.yml
@@ -50,6 +50,30 @@ jobs:
 - name: Run tox
 run: poetry run tox run -e pyupgrade -s false
 
+ deptry:
+ name: test dependencies
+ runs-on: ubuntu-latest
+ timeout-minutes: 10
+ steps:
+ - name: Checkout
+ # see https://github.com/actions/checkout
+ uses: actions/checkout@v4
+ - name: Setup Python Environment
+ # see https://github.com/actions/setup-python
+ uses: actions/setup-python@v5
+ with:
+ python-version: ${{ env.PYTHON_VERSION_DEFAULT }}
+ architecture: 'x64'
+ - name: Install poetry
+ # see https://github.com/marketplace/actions/setup-poetry
+ uses: Gr1N/setup-poetry@v9
+ with:
+ poetry-version: ${{ env.POETRY_VERSION }}
+ - name: Install dependencies
+ run: poetry install --no-root
+ - name: Run tox
+ run: poetry run tox run -e deptry -s false
+
 coding-standards:
 name: Linting & CodingStandards
 runs-on: ubuntu-latest
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index b0548b3e..0de3c4b3 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
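Review bot: The new `deptry` job references its actions by mutable tag (`actions/checkout@v4`, `actions/setup-python@v5` and the third-party `Gr1N/setup-poetry@v9`), so the code that runs here can change without any change to this repository. Pinning each to a full commit SHA with the tag kept as a comment, e.g. `uses: Gr1N/setup-poetry@<full-commit-sha>  # v9`, makes the reference immutable. The same applies to the identical steps added in the `release.yml` hunk, where it matters more because the `release` job now waits on that job. If the rest of the workflow also pins by tag (not visible in this hunk), this is better done as a repo-wide change with automated SHA updates.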
@@ -64,9 +64,32 @@ jobs:
 - name: Run tox
 run: poetry run tox run -e py -s false
 
+ deptry:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ # see https://github.com/actions/checkout
+ uses: actions/checkout@v4
+ - name: Setup Python Environment
+ # see https://github.com/actions/setup-python
+ uses: actions/setup-python@v5
+ with:
+ python-version: ${{ env.PYTHON_VERSION_DEFAULT }}
+ architecture: 'x64'
+ - name: Install poetry
+ # see https://github.com/marketplace/actions/setup-poetry
+ uses: Gr1N/setup-poetry@v9
+ with:
+ poetry-version: ${{ env.POETRY_VERSION }}
+ - name: Install dependencies
+ run: poetry install --no-root
+ - name: Run tox
+ run: poetry run tox run -e deptry -s false
+
 release:
 needs:
 - quicktest
+ - deptry
 # https://github.community/t/how-do-i-specify-job-dependency-running-in-another-workflow/16482
 # limit this to being run on regular commits, not the commits that semantic-release will create
 # but also allow manual workflow dispatch
diff --git a/pyproject.toml b/pyproject.toml
index 118000fb..523bc7c4 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -101,6 +101,7 @@ tox = "4.27.0"
 xmldiff = "2.7.0"
 bandit = "1.8.5"
 pyupgrade = "3.20.0"
+deptry = "0.23.0"
 
 [tool.semantic_release]
 # see https://python-semantic-release.readthedocs.io/en/latest/configuration.html
@@ -148,3 +149,6 @@ prerelease_token = "alpha"
 match = "(\\d+\\.0\\.0-(dev|rc)|dev/\\d+\\.0\\.0)"
 prerelease = true
 prerelease_token = "rc"
+
+[tool.deptry]
+extend_exclude = ["docs", "examples", "package_aliases", "tools"]
diff --git a/tox.ini b/tox.ini
index 20b36023..d2e0b47f 100644
--- a/tox.ini
+++ b/tox.ini
@@ -10,6 +10,7 @@ envlist =
 mypy-{current,lowest}
 py{313,312,311,310,39}-{allExtras,noExtras}
 bandit
+ deptry
 skip_missing_interpreters = True
 usedevelop = False
 download = False
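Review bot: The `deptry` job added to `release.yml` sets neither `permissions:` nor `timeout-minutes:`, yet it runs `poetry install` and tox, which execute third-party package code, and the `release` job now lists it under `needs`. Unless the workflow already restricts the token at top level (not visible in this hunk), give the job `permissions:` with `contents: read` and add `persist-credentials: false` under the checkout step's `with:`. Adding `timeout-minutes: 10`, as the `python.yml` copy of this job does, keeps a hung install from holding up a release until the default job timeout.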
@@ -44,6 +45,11 @@ commands =
 commands =
 poetry run bandit -c bandit.yml -v -r cyclonedx tests examples tools
 
+[testenv:deptry]
+# config is in `pyproject.toml`
+command =
+ poetry run deptry -v .
+
 [testenv:pyupgrade]
 allowlist_externals = poetry, sh
 commands = sh -c "\
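Review bot: The `[testenv:deptry]` section spells its key `command =`, but tox reads `commands`; an unrecognised key is not acted on, so as written this environment would most likely run nothing and still report success. That would let both new CI `deptry` jobs, and the `needs: deptry` gate on the release, pass without checking any dependencies. Change the line to `commands =`. The neighbouring `pyupgrade` env declares `allowlist_externals = poetry, sh`; if `poetry` is not already allowed through a base `[testenv]` setting (not visible here), this env needs `allowlist_externals = poetry` as well.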