diff --git a/.github/workflows/code-qualitiy.yml b/.github/workflows/code-qualitiy.yml
index e85984e24..1588229c1 100644
--- a/.github/workflows/code-qualitiy.yml
+++ b/.github/workflows/code-qualitiy.yml
@@ -99,3 +99,36 @@ jobs:
 - name: Run reproducibility check
 run: mvn clean install
+ dirty-waters:
+ runs-on:
+ ubuntu-latest
+ permissions:
+ pull-requests: write # To comment on a Pull Request
+ steps:
+ - name: Harden Runner
+ uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
+ with:
+ egress-policy: audit
+
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ submodules: true
+
+ - name: Verify action checksums
+ uses: ./.github/actions/ghasum
+
+ - name: Setup JDK17
+ uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
+ with:
+ java-version: '17'
+ distribution: 'temurin'
+
+ - name: Dirty Waters Analysis
+ uses: chains-project/dirty-waters-action@30bc4ef96e9c59f85efb05affc2992353d65870b # v1.11.52
+ with:
+ github_token: ${{ secrets.GITHUB_TOKEN }}
+ package_manager: maven
+ gradual_report: false
+ debug: true
+ config: dirty-waters.json
+
diff --git a/.github/workflows/gha.sum b/.github/workflows/gha.sum
index ae00b7543..746aaee9d 100755
--- a/.github/workflows/gha.sum
+++ b/.github/workflows/gha.sum
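Review bot: The `egress-policy: audit` on the Harden Runner step only logs outbound connections, so the new `dirty-waters` job — which hands `secrets.GITHUB_TOKEN` with `pull-requests: write` to a third-party action — is not actually network-restricted; once the action's endpoints are known from the audit logs, the intended follow-up is `egress-policy: block` together with an `allowed-endpoints` list. The job-level `permissions` block correctly drops every other scope to none, but if this repository is private the `actions/checkout` step with `submodules: true` will need `contents: read` listed next to `pull-requests: write`. Pinning all three actions to full commit SHAs and verifying them through `./.github/actions/ghasum` is the right pattern; note, though, that the harden-runner and checkout steps necessarily run before that verification step. Two style points: `runs-on:` with its value on the following line is valid YAML but unconventional, `runs-on: ubuntu-latest` is the usual form, and `debug: true` presumably makes the action's PR comment more verbose, so confirm nothing token-derived is echoed before leaving it enabled. The enclosing `jobs:` mapping starts outside this hunk.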
@@ -1,12 +1,16 @@
 version 1
 actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 Wn6UGuh8/0fkcOLI8uEQmhssKaMEfnm77brXOpwKe7A=
+actions/cache@v4.2.3 A/Paejdu47oer1Zf9zbtOgbMTG3OmOiXsgB6oodFIOU=
 actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 aYx2ZNrV/U9daVa5XJLnuR3depD7lQqzkyRhH4E9bOU=
+actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 g2V9DAwkHBbZHaTOx4M2g/r9wI49KupzyARL47t/rEQ=
 actions/dependency-review-action@bc41886e18ea39df68b1b1245f4184881938e050 Gd1O6ZG0JtkpyKVsxOwIuNtshdlcYheIADUYdNOIOjo=
 actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 vSiNC7HetrtPF3QhZDzPHWyJ1e8pFltzruLjcw65Sok=
 actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 XE1eqHfEOlHsHx+3cUQA1OGC3jxGBnmx7eTIdEzwSoI=
 actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 cKZQn6p38RgADB4MCMpbFp94sScgm/u3B7rEDB9QS5I=
+actions/setup-python@v5.6.0 MTHBGEHwb+MeIw3xRLiVuM/uyRfuK8hlVXL+Z/yEA8c=
 actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 kZHHfo2NsxevBRTKrZnUpDu0Cxgtj5Vooe4x4rylvg8=
+chains-project/dirty-waters-action@30bc4ef96e9c59f85efb05affc2992353d65870b JTXn8ep3K5YnkSpNVyVVe85RAxg2eQ2X+TKP5A6JgyA=
 github/codeql-action@96f518a34f7a870018057716cc4d7a5c014bd61c h0CGAC50uRuMQV8hj6pLuc5zMsaXvXYE/35vEhbnEbs=
 jreleaser/release-action@f69e545b05f149483cecb2fb81866247992694b8 Ixc/05XDYYHGUvtC6Jt9gB/mpHPIwBX7PR8At1yEWSs=
 ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde NlVzVIaycy3fhYp7tgiwvpWvzSsPa48uTVejF6tHEog=
diff --git a/dirty-waters.json b/dirty-waters.json
new file mode 100644
index 000000000..cb871eb76
--- /dev/null
+++ b/dirty-waters.json
@@ -0,0 +1,123 @@
+{
+ "ignore": {
+ "aopalliance:aopalliance@1.0": ["code_signature"],
+ "com.diffplug.durian:durian-collect@1.2.0": ["source_code_sha"],
+ "com.diffplug.durian:durian-core@1.2.0": ["source_code_sha"],
+ "com.diffplug.durian:durian-io@1.2.0": ["source_code_sha"],
+ "com.diffplug.spotless:spotless-lib-extra@3.1.2": ["source_code_sha"],
+ "com.diffplug.spotless:spotless-lib@3.1.2": ["source_code_sha"],
+ "com.diffplug.spotless:spotless-maven-plugin@2.44.5": ["source_code_sha"],
+ "com.google.code.gson:gson@2.12.1": ["source_code_sha"],
+ "com.google.code.gson:gson@2.13.1": ["source_code_sha"],
+ "com.google.collections:google-collections@1.0": ["code_signature"],
+ "com.google.guava:guava@32.0.1-jre": ["source_code_sha"],
+ "com.google.guava:guava@33.2.1-jre": ["source_code_sha"],
+ "com.google.guava:guava@33.4.0-jre": ["source_code_sha"],
+ "com.google.guava:guava@33.4.8-jre": ["source_code_sha"],
+ "com.google.guava:listenablefuture@9999.0-empty-to-avoid-conflict-with-guava": ["source_code_sha"],
+ "com.google.protobuf:protobuf-java-util@4.29.3": ["source_code_sha"],
+ "com.google.protobuf:protobuf-java@4.29.3": ["source_code_sha"],
+ "com.kohlschutter.junixsocket:junixsocket-core@2.10.1": ["code_signature"],
+ "com.soebes.itf.jupiter.extension:itf-assertj@0.13.1": ["source_code_sha"],
+ "com.soebes.itf.jupiter.extension:itf-extension-maven@0.13.1": ["source_code_sha"],
+ "com.soebes.itf.jupiter.extension:itf-jupiter-extension@0.13.1": ["source_code_sha"],
+ "com.soebes.itf.jupiter.extension:itf-maven-plugin@0.13.1": ["source_code_sha"],
+ "commons-beanutils:commons-beanutils@1.7.0": ["source_code", "code_signature"],
+ "commons-chain:commons-chain@1.1": ["code_signature"],
+ "commons-cli:commons-cli@1.8.0": ["source_code_sha"],
+ "commons-codec:commons-codec@1.16.1": ["source_code_sha"],
+ "commons-codec:commons-codec@1.17.0": ["source_code_sha"],
+ "commons-codec:commons-codec@1.17.1": ["source_code_sha"],
+ "commons-codec:commons-codec@1.17.2": ["source_code_sha"],
+ "commons-codec:commons-codec@1.18.0": ["source_code_sha"],
+ "commons-digester:commons-digester@1.8": ["code_signature"],
+ "commons-io:commons-io@2.11.0": ["source_code_sha"],
+ "commons-io:commons-io@2.14.0": ["source_code_sha"],
+ "commons-io:commons-io@2.16.1": ["source_code_sha"],
+ "commons-io:commons-io@2.18.0": ["source_code_sha"],
+ "commons-io:commons-io@2.19.0": ["source_code_sha"],
+ "dev.equo.ide:solstice@1.8.1": ["source_code_sha"],
+ "dom4j:dom4j@1.1": ["source_code", "code_signature"],
+ "io.github.crac:org-crac@0.1.3": ["source_code_sha"],
+ "io.vertx:vertx-auth-common@4.5.13": ["source_code_sha"],
+ "io.vertx:vertx-uri-template@4.5.13": ["source_code_sha"],
+ "io.vertx:vertx-web-client@4.5.13": ["source_code_sha"],
+ "io.vertx:vertx-web-common@4.5.13": ["source_code_sha"],
+ "jakarta.el:jakarta.el-api@5.0.1": ["source_code_sha"],
+ "jakarta.interceptor:jakarta.interceptor-api@2.2.0": ["source_code_sha"],
+ "jakarta.json:jakarta.json-api@2.1.3": ["source_code_sha"],
+ "javax.inject:javax.inject@1": ["code_signature"],
+ "om.kohlschutter.junixsocket:junixsocket-core@2.10.1": ["code_signature"],
+ "org.aesh:aesh@2.8.2": ["code_signature", "source_code_sha"],
+ "org.aesh:readline@2.6": ["code_signature"],
+ "org.apache.commons:commons-collections4@4.4": ["source_code_sha"],
+ "org.apache.commons:commons-compress@1.26.1": ["source_code_sha"],
+ "org.apache.commons:commons-compress@1.26.2": ["source_code_sha"],
+ "org.apache.commons:commons-compress@1.27.1": ["source_code_sha"],
+ "org.apache.commons:commons-lang3@3.12.0": ["source_code_sha"],
+ "org.apache.commons:commons-lang3@3.14.0": ["source_code_sha"],
+ "org.apache.commons:commons-lang3@3.17.0": ["source_code_sha"],
+ "org.apache.commons:commons-lang3@3.8.1": ["source_code_sha"],
+ "org.apache.commons:commons-text@1.12.0": ["source_code_sha"],
+ "org.apache.httpcomponents:httpclient@4.5.13": ["source_code_sha"],
+ "org.apache.httpcomponents:httpclient@4.5.14": ["source_code_sha"],
+ "org.apache.httpcomponents:httpcore@4.4.14": ["source_code_sha"],
+ "org.apache.httpcomponents:httpcore@4.4.16": ["source_code_sha"],
+ "org.apache.logging.log4j:log4j-api@2.24.3": ["source_code_sha"],
+ "org.apache.logging.log4j:log4j-core@2.24.3": ["source_code_sha"],
+ "org.apache.maven.doxia:doxia-decoration-model@1.11.1": ["source_code_sha"],
+ "org.apache.maven.doxia:doxia-integration-tools@2.0.0": ["source_code_sha"],
+ "org.apache.maven.doxia:doxia-site-model@2.0.0": ["source_code_sha"],
+ "org.apache.maven.doxia:doxia-site-renderer@1.11.1": ["source_code_sha"],
+ "org.apache.maven.doxia:doxia-site-renderer@2.0.0": ["source_code_sha"],
+ "org.apache.maven.doxia:doxia-skin-model@1.11.1": ["source_code_sha"],
+ "org.apache.maven.doxia:doxia-skin-model@2.0.0": ["source_code_sha"],
+ "org.assertj:assertj-core@3.24.2": ["source_code_sha"],
+ "org.bouncycastle:bcpg-jdk18on@1.78.1": ["source_code_sha"],
+ "org.bouncycastle:bcpkix-jdk18on@1.80": ["source_code_sha"],
+ "org.bouncycastle:bcprov-jdk18on@1.80": ["source_code_sha"],
+ "org.bouncycastle:bcutil-jdk18on@1.80": ["source_code_sha"],
+ "org.codehaus.plexus:plexus-i18n@1.0-beta-10": ["code_signature"],
+ "org.eclipse.jetty:jetty-http@9.4.56.v20240826": ["source_code_sha"],
+ "org.eclipse.jetty:jetty-io@9.4.56.v20240826": ["source_code_sha"],
+ "org.eclipse.jetty:jetty-security@9.4.56.v20240826": ["source_code_sha"],
+ "org.eclipse.jetty:jetty-server@9.4.56.v20240826": ["source_code_sha"],
+ "org.eclipse.jetty:jetty-servlet@9.4.56.v20240826": ["source_code_sha"],
+ "org.eclipse.jetty:jetty-util-ajax@9.4.56.v20240826": ["source_code_sha"],
+ "org.eclipse.jetty:jetty-util@9.4.56.v20240826": ["source_code_sha"],
+ "org.eclipse.jetty:jetty-webapp@9.4.56.v20240826": ["source_code_sha"],
+ "org.eclipse.jetty:jetty-xml@9.4.56.v20240826": ["source_code_sha"],
+ "org.eclipse.platform:org.eclipse.osgi@3.23.0": ["source_code_sha"],
+ "org.eclipse.sisu:org.eclipse.sisu.inject@0.9.0.M2": ["source_code_sha"],
+ "org.eclipse.sisu:org.eclipse.sisu.inject@0.9.0.M3": ["source_code_sha"],
+ "org.eclipse.sisu:org.eclipse.sisu.plexus@0.9.0.M2": ["source_code_sha"],
+ "org.eclipse.sisu:org.eclipse.sisu.plexus@0.9.0.M3": ["source_code_sha"],
+ "org.instancio:instancio-core@5.4.1": ["source_code_sha"],
+ "org.instancio:instancio-junit@5.4.1": ["source_code_sha"],
+ "org.iq80.snappy:snappy@0.4": ["source_code"],
+ "org.jboss.logging:commons-logging-jboss-logging@1.0.0.Final": ["code_signature"],
+ "org.jboss.logging:jboss-logging-annotations@3.0.4.Final": ["code_signature"],
+ "org.jboss.logging:jboss-logging@3.6.1.Final": ["code_signature"],
+ "org.jboss.logmanager:jboss-logmanager@3.1.2.Final": ["code_signature"],
+ "org.jboss.marshalling:jboss-marshalling@2.2.2.Final": ["source_code_sha"],
+ "org.jboss.slf4j:slf4j-jboss-logmanager@2.0.0.Final": ["code_signature", "source_code_sha"],
+ "org.jboss.threads:jboss-threads@3.8.0.Final": ["code_signature"],
+ "org.jdom:jdom2@2.0.6.1": ["source_code_sha"],
+ "org.jetbrains:annotations@13.0": ["source_code_sha"],
+ "org.junit.platform:junit-platform-commons@1.10.5": ["source_code_sha"],
+ "org.junit.platform:junit-platform-commons@1.13.0": ["source_code_sha"],
+ "org.junit.platform:junit-platform-engine@1.10.5": ["source_code_sha"],
+ "org.junit.platform:junit-platform-engine@1.13.0": ["source_code_sha"],
+ "org.junit.platform:junit-platform-launcher@1.10.5": ["source_code_sha"],
+ "org.sonatype.plexus:plexus-cipher@1.4": ["source_code"],
+ "org.sonatype.plexus:plexus-sec-dispatcher@1.3": ["source_code"],
+ "org.twdata.maven:mojo-executor@2.4.0": ["source_code_sha"],
+ "org.wildfly.common:wildfly-common@2.0.1": ["code_signature"],
+ "oro:oro@2.0.8": ["source_code", "code_signature"]
+ },
+ "ignore-if-parent": {
+ "com.diffplug.spotless:spotless-maven-plugin@2.44.3": ["source_code_sha"],
+ "org.apache.maven.plugins:maven-artifact-plugin@3.6.0": ["source_code_sha"],
+ "org.apache.maven.plugins:maven-site-plugin@3.21.0": ["source_code_sha"]
+ }
+}
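Review bot: The key `"om.kohlschutter.junixsocket:junixsocket-core@2.10.1"` in the `ignore` map looks like a typo of the `com.kohlschutter.junixsocket` entry listed earlier in the same map; as written it cannot match any Maven coordinate, so it is a dead entry and should be removed rather than left to suggest a second artifact is exempt. Every other entry switches off one supply-chain check (`source_code`, `source_code_sha` or `code_signature`) for one exact version, which is the right granularity because a version bump re-triggers the check, but JSON has no comment syntax, so the reason each artifact is exempt — presumably that no usable source link or signature is published for it — is not recorded anywhere in this file. Keeping that rationale in the PR description or a short README section next to `dirty-waters.json`, and re-reading the list whenever dependencies are updated, keeps these exemptions from becoming permanent blind spots; the `ignore-if-parent` block has the same gap.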