diff --git a/.github/workflows/check.dependency-review.yml b/.github/workflows/check.dependency-review.yml
new file mode 100644
index 00000000..bec443a8
--- /dev/null
+++ b/.github/workflows/check.dependency-review.yml
@@ -0,0 +1,24 @@
+name: "Checks: Dependency Review"
+
+"on":
+  workflow_call: {}
+  workflow_dispatch: {}
+
+permissions:
+  contents: read
+
+jobs:
+  dependency-review:
+    name: "Dependency Review"
+    runs-on: ubuntu-latest
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
+        with:
+          egress-policy: audit
+      - name: "Setup: Checkout"
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+            persist-credentials: false
+      - name: "Checks: Dependency Review"
+        uses: actions/dependency-review-action@9129d7d40b8c12c1ed0f60400d00c92d437adcce # v4.1.3
diff --git a/.github/workflows/ci.build-test.yml b/.github/workflows/ci.build-test.yml
index f56c38b9..b559b57d 100644
--- a/.github/workflows/ci.build-test.yml
+++ b/.github/workflows/ci.build-test.yml
@@ -20,8 +20,19 @@ jobs:
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
         with:
             persist-credentials: false
+            submodules: true
       - name: "Setup: Java 21"
         uses: actions/setup-java@v4
         with:
           java-version: '21'
           distribution: 'zulu'
+      - name: "Setup: Cache"
+        uses: actions/cache@v4
+        with:
+          path: |
+            jdk
+            annotation-tools
+            .m2
+          key: jpms-attic-v1-${{ runner.os }}
+      - name: "Build & Test Repository"
+        run: make TESTS=yes SIGNING=no JAVADOC=no SNAPSHOT=yes
diff --git a/.github/workflows/ci.dependency-graph.yml b/.github/workflows/ci.dependency-graph.yml
new file mode 100644
index 00000000..8c8f3d1e
--- /dev/null
+++ b/.github/workflows/ci.dependency-graph.yml
@@ -0,0 +1,32 @@
+name: "Dependency Graph"
+
+"on":
+  workflow_call: {}
+  workflow_dispatch: {}
+
+permissions:
+  contents: read
+  
+jobs:
+  build-graph:
+    name: "Dependency Graph"
+    runs-on: ubuntu-latest
+    permissions:
+        contents: write  # needed for graph write  
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
+        with:
+          egress-policy: audit
+      - name: "Setup: Checkout"
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+            persist-credentials: false
+      - name: "Setup: Java 21"
+        uses: actions/setup-java@v4
+        with:
+          java-version: '21'
+          distribution: 'zulu'
+      - name: "Build: Maven Dependency Graph"
+        continue-on-error: true
+        uses: advanced-security/maven-dependency-submission-action@bfd2106013da0957cdede0b6c39fb5ca25ae375e # v4.0.2
diff --git a/.github/workflows/on.pr.yml b/.github/workflows/on.pr.yml
index 4919eeb5..92d22cc1 100644
--- a/.github/workflows/on.pr.yml
+++ b/.github/workflows/on.pr.yml
@@ -13,6 +13,17 @@ jobs:
     name: "Build & Test"
     uses: ./.github/workflows/ci.build-test.yml
 
+  build-dependency-graph:
+    name: "Build & Test"
+    uses: ./.github/workflows/ci.dependency-graph.yml
+    permissions:
+      contents: write  # needed for graph write
+
   checks-gradle:
     name: "Checks"
     uses: ./.github/workflows/check.gradle-wrapper.yml
+
+  checks-dependency-review:
+    name: "Checks"
+    needs: [build-dependency-graph]
+    uses: ./.github/workflows/check.dependency-review.yml
diff --git a/.github/workflows/on.push.yml b/.github/workflows/on.push.yml
index 595e546c..fa5a1224 100644
--- a/.github/workflows/on.push.yml
+++ b/.github/workflows/on.push.yml
@@ -13,6 +13,17 @@ jobs:
     name: "Build & Test"
     uses: ./.github/workflows/ci.build-test.yml
 
+  build-dependency-graph:
+    name: "Build & Test"
+    uses: ./.github/workflows/ci.dependency-graph.yml
+    permissions:
+      contents: write  # needed for graph write
+  
   checks-gradle:
     name: "Checks"
     uses: ./.github/workflows/check.gradle-wrapper.yml
+
+  checks-dependency-review:
+    name: "Checks"
+    needs: [build-dependency-graph]
+    uses: ./.github/workflows/check.dependency-review.yml  
diff --git a/README.md b/README.md
index 01da3fa9..41413352 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,9 @@
 
 # JPMS Attic
 
+- [GitHub Repo](https://github.com/javamodules/attic)
+- [Docs](https://jpms.pkg.st)
+
 This repository provides sub-module library overrides for popular Java libraries which don't yet provide JPMS support (at least until some PRs are merged!). There is a Maven repository which contains these artifacts, too, so you can safely use them in your projects.
 
 #### Pending PRs
diff --git a/samples/Makefile b/samples/Makefile
index fdf31cc0..5daea119 100644
--- a/samples/Makefile
+++ b/samples/Makefile
@@ -20,4 +20,4 @@ modular-guava-repo/app/build:
 modular-guava-maven: modular-guava-maven/target
 modular-guava-maven/target:
 	@echo "Building Modular Guava sample (Maven, remote repo)..."
-	$(RULE)cd modular-guava-maven && mvnw clean package exec:exec@modular
+	$(RULE)cd modular-guava-maven && mvn clean package exec:exec@modular