diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
new file mode 100644
index 00000000..9590db8a
--- /dev/null
+++ b/.github/workflows/dependency-review.yml
@@ -0,0 +1,27 @@
+name: dependency-review
+
+on:
+  pull_request:
+    branches: [ main ]
+
+permissions: {}
+
+jobs:
+  dependency-review:
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+
+    steps:
+
+      - name: Checkout code
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          filter: 'tree:0'
+          show-progress: false
+
+      - name: Review dependencies
+        uses: actions/dependency-review-action@da24556b548a50705dd671f47852072ea4c105d9 # v4.7.1
+        with:
+          allow-licenses: 'Apache-2.0,BSD-3-Clause,MIT'
diff --git a/examples/net8.0/aspnetcore/Controllers/HttpClientController.cs b/examples/net8.0/aspnetcore/Controllers/HttpClientController.cs
index ddef0f57..a170212c 100644
--- a/examples/net8.0/aspnetcore/Controllers/HttpClientController.cs
+++ b/examples/net8.0/aspnetcore/Controllers/HttpClientController.cs
@@ -21,7 +21,7 @@ public async Task<ActionResult<IEnumerable<string>>> Get()
     [HttpGet]
     public async Task<ActionResult<IEnumerable<string>>> GetError()
     {
-        var response = await client.GetAsync("http://postman-echo.com/status/500");
+        var response = await client.GetAsync("https://postman-echo.com/status/500");
         var content = await response.Content.ReadAsStringAsync();
         return Ok(content);
     }
diff --git a/examples/net8.0/aspnetcore/Dockerfile b/examples/net8.0/aspnetcore/Dockerfile
index cc91f6b1..5b658f20 100644
--- a/examples/net8.0/aspnetcore/Dockerfile
+++ b/examples/net8.0/aspnetcore/Dockerfile
@@ -1,4 +1,4 @@
-FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0 AS build
+FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0.410@sha256:b56053d0a8f4627047740941396e76cd9e7a9421c83b1d81b68f10e5019862d7 AS build
 ARG TARGETARCH
 ARG CONFIGURATION="Release"
 ARG DOTNET_PUBLISH_ARGS=""
@@ -11,7 +11,7 @@ SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 RUN --mount=type=cache,id=nuget,target=/root/.nuget/packages \
     dotnet publish "examples/net8.0/aspnetcore/aspnetcore.csproj" --arch "${TARGETARCH}" --configuration "${CONFIGURATION}" --output /app ${DOTNET_PUBLISH_ARGS}
 
-FROM mcr.microsoft.com/dotnet/sdk:8.0 AS final
+FROM mcr.microsoft.com/dotnet/sdk:8.0.410@sha256:b56053d0a8f4627047740941396e76cd9e7a9421c83b1d81b68f10e5019862d7 AS final
 WORKDIR /app
 EXPOSE 8080