diff --git a/bin/compile b/bin/compile
index 0466e8e65b30b6ce10dd5e0b0f95b60da0f1b9ab..3ad6d318eeeec11fd9a4b53cb4cd5bd52675a77a 100755
--- a/bin/compile
+++ b/bin/compile
@@ -31,7 +31,7 @@ BUILD_DIR=$1
 CACHE_DIR=$2
 ENV_DIR=$3
 
-export BUILD_DIR CACHE_DIR ENV_DIR
+export BUILD_DIR CACHE_DIR ENV_DIR ROOT_DIR
 
 # Python defaults
 DEFAULT_PYTHON_VERSION="python-3.6.4"
@@ -215,6 +215,10 @@ if [[ ! "$BUILD_DIR" == "/app" ]]; then
   deep-cp /app/.heroku/src "$BUILD_DIR/.heroku/src"
 fi
 
+# Check package safety.
+let start=$(nowms)
+sub_env "$BIN_DIR/steps/safety"
+mtime "safety.time" "${start}"
 
 # Django collectstatic support.
 let start=$(nowms)
diff --git a/bin/steps/safety b/bin/steps/safety
new file mode 100755
index 0000000000000000000000000000000000000000..33145f1131657c6b16aef870cd509afbae3d87a0
--- /dev/null
+++ b/bin/steps/safety
@@ -0,0 +1,16 @@
+# shellcheck source=bin/utils
+source $BIN_DIR/utils
+
+set +e
+
+    $tmpfile = $(mktemp)
+    /app/.heroku/python/bin/python $ROOT_DIR/vendor/safety.zip 2>&1 > $tmpfile
+
+    if [[ $? != 0 ]]; then
+        puts-warn "KNOWN SECURITY VULNERABILITIES FOUND IN DEPENDENCIES!"
+        cat $tmpfile | indent
+    fi
+
+    rm -fr $tmpfile
+
+set -e
\ No newline at end of file
diff --git a/vendor/safety.zip b/vendor/safety.zip
new file mode 100644
index 0000000000000000000000000000000000000000..5faf3eef729b041aecc78d58454f91fbf2964719
Binary files /dev/null and b/vendor/safety.zip differ