diff --git a/.forgejo/workflows/testing.yml b/.forgejo/workflows/testing.yml
index 7eb40fec8c..154b5806d7 100644
--- a/.forgejo/workflows/testing.yml
+++ b/.forgejo/workflows/testing.yml
@@ -25,7 +25,7 @@ jobs:
           go-version: "1.22"
           check-latest: true
       - run: make deps-backend deps-tools
-      - run: make --always-make -j$(nproc) lint-backend checks-backend # ensure the "go-licenses" make target runs
+      - run: make --always-make -j$(nproc) lint-backend tidy-check swagger-check fmt-check swagger-validate # ensure the "go-licenses" make target runs
   frontend-checks:
     if: ${{ !startsWith(vars.ROLE, 'forgejo-') }}
     runs-on: docker
@@ -274,3 +274,22 @@ jobs:
           RACE_ENABLED: true
           TEST_TAGS: sqlite sqlite_unlock_notify
           USE_REPO_TEST_DIR: 1
+  security-check:
+    if: ${{ !startsWith(vars.ROLE, 'forgejo-') }}
+    runs-on: docker
+    needs:
+      - test-sqlite
+      - test-pgsql
+      - test-mysql
+      - test-remote-cacher
+      - test-unit
+    container:
+      image: 'docker.io/node:20-bookworm'
+    steps:
+      - uses: https://code.forgejo.org/actions/checkout@v3
+      - uses: https://code.forgejo.org/actions/setup-go@v4
+        with:
+          go-version: "1.22"
+          check-latest: true
+      - run: make deps-backend deps-tools
+      - run: make security-check