diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index a06f97c8c22..1cf79834a2d 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -159,21 +159,3 @@ jobs:
 - name: Run test script checker/bin-devel/test-${{ matrix.script }}
 shell: bash
 run: ./checker/bin-devel/test-${{ matrix.script }}.sh
-
- dependency-submission:
- runs-on: ubuntu-latest
- permissions:
- contents: write
- steps:
- - uses: actions/checkout@v4
- - name: Set up JDK 21
- uses: actions/setup-java@v4
- with:
- java-version: '21'
- distribution: 'temurin'
-
- # Generates and submits a dependency graph, enabling Dependabot Alerts for all project dependencies.
- # See: https://github.com/gradle/actions/blob/main/dependency-submission/README.md
- - name: Generate and submit dependency graph
- uses: gradle/actions/dependency-submission@v4.0.0
-
diff --git a/.github/workflows/dependency-download-and-submit.yml b/.github/workflows/dependency-download-and-submit.yml
new file mode 100644
index 00000000000..422643ac428
--- /dev/null
+++ b/.github/workflows/dependency-download-and-submit.yml
@@ -0,0 +1,20 @@
+# See: https://github.com/gradle/actions/blob/main/docs/dependency-submission.md#usage-with-pull-requests-from-public-forked-repositories
+name: Download and submit dependency graph
+
+on:
+ workflow_run:
+ workflows: ['Generate and save dependency graph']
+ types: [completed]
+
+permissions:
+ actions: read
+ contents: write
+
+jobs:
+ submit-dependency-graph:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Download and submit dependency graph
+ uses: gradle/actions/dependency-submission@v4
+ with:
+ dependency-graph: download-and-submit # Download saved dependency-graph and submit
diff --git a/.github/workflows/dependency-generate-and-upload.yml b/.github/workflows/dependency-generate-and-upload.yml
new file mode 100644
index 00000000000..f746d23e0fc
--- /dev/null
+++ b/.github/workflows/dependency-generate-and-upload.yml
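Review bot: The only step in the new download-and-submit workflow references `gradle/actions/dependency-submission@v4`, a movable major tag, in the one job that holds `contents: write` and consumes an artifact produced by pull-request runs; the job removed from ci.yml was at least pinned to `@v4.0.0`. Pinning to a full commit SHA, `uses: gradle/actions/dependency-submission@<full-commit-sha>  # v4.x.y`, keeps a retagged release from running with the write token. The job also fires on every `completed` event, so a job-level `if: github.event.workflow_run.conclusion == 'success'` would skip failed or cancelled generate runs. The tag-only references in dependency-generate-and-upload.yml and dependency-review.yml (`actions/checkout@v4`, `actions/setup-java@v4`, `actions/dependency-review-action@v4`) follow the same pattern, though those jobs are read-only.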
@@ -0,0 +1,24 @@
+# See: https://github.com/gradle/actions/blob/main/docs/dependency-submission.md#usage-with-pull-requests-from-public-forked-repositories
+name: Generate and save dependency graph
+
+on:
+ pull_request:
+
+permissions:
+ contents: read # 'write' permission is not available
+
+jobs:
+ dependency-submission:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - name: Set up JDK 21
+ uses: actions/setup-java@v4
+ with:
+ java-version: '21'
+ distribution: 'temurin'
+
+ - name: Generate and save dependency graph
+ uses: gradle/actions/dependency-submission@v4
+ with:
+ dependency-graph: generate-and-upload
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
new file mode 100644
index 00000000000..1c3553d96b5
--- /dev/null
+++ b/.github/workflows/dependency-review.yml
@@ -0,0 +1,18 @@
+# See: https://github.com/gradle/actions/blob/main/docs/dependency-submission.md#usage-with-pull-requests-from-public-forked-repositories
+name: Dependency review
+
+on:
+ pull_request:
+
+permissions:
+ contents: read
+
+jobs:
+ dependency-review:
+ runs-on: ubuntu-latest
+ steps:
+ - name: 'Dependency review'
+ uses: actions/dependency-review-action@v4
+ with:
+ retry-on-snapshot-warnings: true
+ retry-on-snapshot-warnings-timeout: 600
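Review bot: With `on: pull_request:` as the only trigger here, none of the workflows touched by this commit submits a dependency graph for pushes to the default branch, which is the graph Dependabot alerts are computed from. The job removed from ci.yml covered that case only if ci.yml also runs on `push`; its trigger block is outside the hunk, so this is inferred. If that coverage is still wanted, keep a direct-submission workflow on `push` to the default branch with `contents: write`, separate from this read-only pull-request job. A comment above `dependency-graph: generate-and-upload` noting that this job builds untrusted PR code and must stay at `contents: read` would also help the next editor.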
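Review bot: The review step waits up to 600 seconds for a snapshot that only exists once 'Generate and save dependency graph' has finished and 'Download and submit dependency graph' has run, but nothing in this file says so. I would add a comment above `retry-on-snapshot-warnings: true`, for example `# Waits for the snapshot submitted by the workflow_run-triggered 'Download and submit dependency graph'`. It is also worth confirming what the action does when the timeout expires without a snapshot; if it only warns, a pull request whose graph generation failed would pass review without its dependencies being compared.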