diff --git a/.github/workflows/monero-tests.yaml b/.github/workflows/monero-tests.yaml
index c6c08f47..c26cd1ee 100644
--- a/.github/workflows/monero-tests.yaml
+++ b/.github/workflows/monero-tests.yaml
@@ -17,8 +17,6 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
-        with:
-          submodules: "recursive"
 
       - name: Test Dependencies
         uses: ./.github/actions/test-dependencies
@@ -37,8 +35,6 @@ jobs:
 
     steps:
       - uses: actions/checkout@v3
-        with:
-          submodules: "recursive"
 
       - name: Test Dependencies
         uses: ./.github/actions/test-dependencies
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index b9118819..7fca895a 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -12,8 +12,6 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
-        with:
-          submodules: "recursive"
 
       - name: Get nightly version to use
         id: nightly
@@ -29,12 +27,33 @@ jobs:
       - name: Run Clippy
         run: cargo clippy --all-features -- -D warnings -A clippy::type_complexity -A dead_code
 
+  deny:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Rust Cache
+        uses: actions/cache@v3
+        with:
+          path: ~/.cargo/advisory-db
+          key: rust-advisory-db
+
+      - name: Install cargo
+        uses: actions-rs/toolchain@v1
+        with:
+          toolchain: stable
+          profile: minimal
+
+      - name: Install cargo deny
+        run: cargo install --locked cargo-deny
+
+      - name: Run cargo deny
+        run: cargo deny -L error --all-features check
+
   test:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
-        with:
-          submodules: "recursive"
 
       - name: Test Dependencies
         uses: ./.github/actions/test-dependencies
diff --git a/Cargo.lock b/Cargo.lock
index 03d9873c..5bdf58f6 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -118,8 +118,7 @@ dependencies = [
 [[package]]
 name = "array-bytes"
 version = "4.1.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6a913633b0c922e6b745072795f50d90ebea78ba31a57e2ac8c2fc7b50950949"
+source = "git+https://github.com/hack-ink/array-bytes?rev=994cd29b66bd2ab5c8c15f0b15a1618d4bb2d94c#994cd29b66bd2ab5c8c15f0b15a1618d4bb2d94c"
 
 [[package]]
 name = "array-init"
diff --git a/Cargo.toml b/Cargo.toml
index a391d54d..b3fdb0c6 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -48,3 +48,8 @@ monero-serai = { opt-level = 3 }
 
 [profile.release]
 panic = "unwind"
+
+[patch.crates-io]
+# array-bytes 4.1.0 is GPL-3.0.
+# array-bytes git, which has no code changes, includes a dual-license under Apache-2.0.
+array-bytes = { git = "https://github.com/hack-ink/array-bytes", rev = "994cd29b66bd2ab5c8c15f0b15a1618d4bb2d94c" }
diff --git a/deny.toml b/deny.toml
new file mode 100644
index 00000000..cea6b938
--- /dev/null
+++ b/deny.toml
@@ -0,0 +1,73 @@
+[advisories]
+db-path = "~/.cargo/advisory-db"
+db-urls = ["https://github.com/rustsec/advisory-db"]
+
+vulnerability = "deny"
+yanked = "deny"
+notice = "warn"
+unmaintained = "warn"
+
+ignore = [
+  "RUSTSEC-2020-0071", # https://github.com/chronotope/chrono/issues/602
+]
+
+[licenses]
+unlicensed = "deny"
+
+allow = [
+  # Effective public domain
+  "CC0-1.0",
+  "Unlicense",
+
+  # Attribution required
+  "MIT",
+  "BSD-2-Clause",
+  "BSD-3-Clause",
+  "ISC",
+  "Unicode-DFS-2016",
+  "OpenSSL",
+
+  # Non-invasive copyleft
+  "MPL-2.0",
+  "Apache-2.0",
+  "Apache-2.0 WITH LLVM-exception",
+  "GPL-3.0 WITH Classpath-exception-2.0",
+]
+
+copyleft = "deny"
+allow-osi-fsf-free = "neither"
+default = "deny"
+
+exceptions = [
+  { allow = ["AGPL-3.0"], name = "ethereum-serai" },
+  { allow = ["AGPL-3.0"], name = "serai-processor" },
+
+  { allow = ["AGPL-3.0"], name = "serai-extension" },
+  { allow = ["AGPL-3.0"], name = "serai-multisig" },
+
+  { allow = ["AGPL-3.0"], name = "serai-runtime" },
+  { allow = ["AGPL-3.0"], name = "serai-consensus" },
+  { allow = ["AGPL-3.0"], name = "serai-node" },
+]
+
+[[licenses.clarify]]
+name = "ring"
+version = "*"
+expression = "MIT AND ISC AND OpenSSL"
+license-files = [
+  { path = "LICENSE", hash = 0xbd0eed23 }
+]
+
+[bans]
+multiple-versions = "warn"
+wildcards = "warn"
+highlight = "all"
+
+[sources]
+unknown-registry = "deny"
+unknown-git = "deny"
+allow-registry = ["https://github.com/rust-lang/crates.io-index"]
+allow-git = [
+  "https://github.com/serai-dex/substrate",
+  "https://github.com/hack-ink/array-bytes"
+]