diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 77e8195a..15d469b0 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -4,8 +4,19 @@ on:
   push:
     branches:
       - '**'
+  pull_request:
 
 jobs:
+  phylum-analyze:
+    if: ${{ github.event.pull_request }}
+    uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/phylum-analyze.yml@main
+    permissions:
+      id-token: write
+      pull-requests: write
+      contents: read
+    secrets:
+      phylum_api_key: ${{ secrets.PHYLUM_API_KEY }}
+
   snyk-scan-deps-licences:
     runs-on: ubuntu-latest
     permissions:
diff --git a/.phylum_project b/.phylum_project
new file mode 100644
index 00000000..90ab1d36
--- /dev/null
+++ b/.phylum_project
@@ -0,0 +1,7 @@
+id: ad50ad22-146e-4339-80ea-d895b4bce133
+name: radix-dapp-toolkit
+created_at: 2024-06-03T08:21:31.593544+02:00
+group_name: dApp-engineering
+depfiles:
+- path: ./package-lock.json
+  type: npm