diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 42f8e50c..6fd6eb29 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -30,3 +30,12 @@ updates:
 github-actions:
 patterns:
 - "*"
+
+ - package-ecosystem: npm
+ directory: "/frontend"
+ schedule:
+ interval: monthly
+ groups:
+ frontend-deps:
+ patterns:
+ - "*"
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index b93ab198..78ae1f87 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -116,6 +116,32 @@ jobs:
 - name: Lint OpenAPI contract
 run: make openapi-lint
+ frontend-audit:
+ runs-on: ubuntu-latest
+ defaults:
+ run:
+ working-directory: frontend
+ steps:
+ - uses: actions/checkout@v6
+
+ - name: Setup pnpm
+ uses: pnpm/action-setup@v6
+ with:
+ cache: true
+ cache_dependency_path: frontend/pnpm-lock.yaml
+ package_json_file: frontend/package.json
+
+ - name: Setup Node.js
+ uses: actions/setup-node@v6
+ with:
+ node-version-file: ".tool-versions"
+
+ - name: Install dependencies
+ run: pnpm install --frozen-lockfile
+
+ - name: Audit dependencies
+ run: pnpm audit --audit-level=moderate
+
 frontend:
 runs-on: ubuntu-latest
 defaults:
@@ -148,9 +174,6 @@ jobs:
 - name: Check formatting
 run: pnpm run format:check
- - name: Audit dependencies
- run: pnpm audit --audit-level=moderate
-
 - name: Run frontend tests
 run: pnpm run test:ci
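Review bot: The `frontend-deps` group in the new npm entry of `.github/dependabot.yml` matches `"*"` with no `update-types`, so a monthly run folds major upgrades into the same pull request as patch and minor bumps, which makes a security-relevant bump hard to review or revert on its own. Limiting the catch-all group with `update-types: ["minor", "patch"]` would let majors arrive as separate PRs. The `schedule` here governs version updates only; whether Dependabot security updates are enabled for the repository is not visible in this diff and is worth confirming, because the CI audit step fails on moderate advisories and a monthly cadence alone may leave it failing until the next run. A one-line comment above the entry, such as `# monthly to limit PR noise; security fixes rely on Dependabot security updates`, would record that assumption.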
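Review bot: In the new `frontend-audit` job of `.github/workflows/ci.yml` the `Install dependencies` step runs before `Audit dependencies`, so packages are fetched and installed on the runner before anything has checked them against advisories. As far as I know `pnpm audit` works from `pnpm-lock.yaml`, so the install step can probably be dropped, or at least changed to `run: pnpm install --frozen-lockfile --ignore-scripts`. The job also declares no `permissions:`; unless the workflow sets a default outside this hunk, adding `permissions:` with `contents: read` keeps the token read-only for a job that only reads the lockfile. The three `uses:` lines reference the movable `@v6` tags, and pinning each to a full commit SHA is the stricter option if the rest of the workflow follows that convention.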