diff --git a/.github/workflows/CICD.yml b/.github/workflows/CICD.yml
index b2ae59bdf..bbbf60838 100644
--- a/.github/workflows/CICD.yml
+++ b/.github/workflows/CICD.yml
@@ -20,6 +20,13 @@ env:
 on: [push, pull_request]
 jobs:
+  cargo-deny:
+    name: Style/cargo-deny
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: EmbarkStudios/cargo-deny-action@v1
+
   style_deps:
     ## ToDO: [2021-11-10; rivy] 'Style/deps' needs more informative output and better integration of results into the GHA dashboard
     name: Style/deps
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index ac2e0811e..15adfe488 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -94,6 +94,16 @@ uutils: add new utility
 gitignore: add temporary files
 ```
+## cargo-deny
+
+This project uses [cargo-deny](https://github.com/EmbarkStudios/cargo-deny/) to
+detect duplicate dependencies, checks licenses, etc. To run it locally, first
+install it and then run with:
+
+```
+cargo deny --all-features check all
+```
+
 ## Licensing
 uutils is distributed under the terms of the MIT License; see the `LICENSE` file
diff --git a/Cargo.lock b/Cargo.lock
index 714aef2b4..70f117b84 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -877,7 +877,7 @@ version = "2.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f37978dab2ca789938a83b2f8bc1ef32db6633af9051a6cd409eff72cbaaa79a"
 dependencies = [
- "paste 1.0.6",
+ "paste",
 ]
 [[package]]
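Review bot: The two `uses:` steps in the new `cargo-deny` job reference mutable tags (`actions/checkout@v2`, `EmbarkStudios/cargo-deny-action@v1`), so the job that is supposed to gate the dependency supply chain is itself resolved to whatever those tags point at on each run. Pin both to full commit SHAs with the tag kept in a trailing comment, e.g. `- uses: EmbarkStudios/cargo-deny-action@<sha> # v1`; the neighbouring jobs likely use the same tag style, but a security gate is the right place to start. A smaller point: the action is run with its defaults here while CONTRIBUTING.md in this same commit documents `cargo deny --all-features check all`; confirm the action's default `command`/`arguments` match that, or set them explicitly under `with:` so CI and the local run check the same graph. The enclosing `jobs:` map continues outside the hunk.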
@@ -1431,31 +1431,12 @@ dependencies = [
 "winapi 0.3.9",
 ]
-[[package]]
-name = "paste"
-version = "0.1.18"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "45ca20c77d80be666aef2b45486da86238fabe33e38306bd3118fe4af33fa880"
-dependencies = [
- "paste-impl",
- "proc-macro-hack",
-]
-
 [[package]]
 name = "paste"
 version = "1.0.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "0744126afe1a6dd7f394cb50a716dbe086cb06e255e53d8d0185d82828358fb5"
-[[package]]
-name = "paste-impl"
-version = "0.1.18"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d95a7db200b97ef370c8e6de0088252f7e0dfff7d047a28528e47456c0fc98b6"
-dependencies = [
- "proc-macro-hack",
-]
-
 [[package]]
 name = "peeking_take_while"
 version = "0.1.2"
@@ -1574,12 +1555,6 @@ dependencies = [
 "version_check",
 ]
-[[package]]
-name = "proc-macro-hack"
-version = "0.5.19"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dbf0c48bc1d91375ae5c3cd81e3722dff1abcf81a30960240640d223f59fe0e5"
-
 [[package]]
 name = "proc-macro2"
 version = "1.0.36"
@@ -2559,7 +2534,7 @@ dependencies = [
 "clap 3.0.10",
 "coz",
 "num-traits",
- "paste 0.1.18",
+ "paste",
 "quickcheck",
 "rand",
 "smallvec",
diff --git a/deny.toml b/deny.toml
new file mode 100644
index 000000000..dea3503de
--- /dev/null
+++ b/deny.toml
@@ -0,0 +1,95 @@
+# spell-checker:ignore SSLeay RUSTSEC
+
+# This section is considered when running `cargo deny check advisories`
+# More documentation for the advisories section can be found here:
+# https://embarkstudios.github.io/cargo-deny/checks/advisories/cfg.html
+[advisories]
+db-path = "~/.cargo/advisory-db"
+db-urls = ["https://github.com/rustsec/advisory-db"]
+vulnerability = "warn"
+unmaintained = "warn"
+yanked = "warn"
+notice = "warn"
+ignore = [
+    #"RUSTSEC-0000-0000",
+]
+
+# This section is considered when running `cargo deny check licenses`
+# More documentation for the licenses section can be found here:
+# https://embarkstudios.github.io/cargo-deny/checks/licenses/cfg.html
+[licenses]
+unlicensed = "deny"
+allow = [
+    "MIT",
+    "Apache-2.0",
+    "ISC",
+    "BSD-2-Clause",
+    "BSD-2-Clause-FreeBSD",
+    "BSD-3-Clause",
+    "CC0-1.0",
+    "MPL-2.0", # XXX considered copyleft?
+]
+copyleft = "deny"
+allow-osi-fsf-free = "neither"
+default = "deny"
+confidence-threshold = 0.8
+exceptions = [
+    { allow = ["OpenSSL"], name = "ring" },
+]
+
+[[licenses.clarify]]
+name = "ring"
+# SPDX considers OpenSSL to encompass both the OpenSSL and SSLeay licenses
+# https://spdx.org/licenses/OpenSSL.html
+# ISC - Both BoringSSL and ring use this for their new files
+# MIT - "Files in third_party/ have their own licenses, as described therein. The MIT
+# license, for third_party/fiat, which, unlike other third_party directories, is
+# compiled into non-test libraries, is included below."
+# OpenSSL - Obviously
+expression = "ISC AND MIT AND OpenSSL"
+license-files = [{ path = "LICENSE", hash = 0xbd0eed23 }]
+
+# This section is considered when running `cargo deny check bans`.
+# More documentation about the 'bans' section can be found here:
+# https://embarkstudios.github.io/cargo-deny/checks/bans/cfg.html
+[bans]
+multiple-versions = "deny"
+wildcards = "allow"
+highlight = "all"
+
+# For each duplicate dependency, indicate the name of the dependency which
+# introduces it.
+# spell-checker: disable
+skip = [
+    # blake2d_simd
+    { name = "arrayvec", version = "=0.7.2" },
+    # flimit/unix_socket
+    { name = "cfg-if", version = "=0.1.10" },
+    # ordered-multimap
+    { name = "hashbrown", version = "=0.9.1" },
+    # kernel32-sys
+    { name = "winapi", version = "=0.2.8" },
+    # bindgen 0.59.2
+    { name = "clap", version = "=2.34.0" },
+    { name = "strsim", version = "=0.8.0" },
+    { name = "textwrap", version = "=0.11.0" },
+    { name = "cpp_common", version = "=0.4.0" },
+    # quickcheck
+    { name = "env_logger", version = "=0.8.4" },
+    # cpp_*
+    { name = "memchr", version = "=1.0.2" },
+    { name = "quote", version = "=0.3.15" },
+    { name = "unicode-xid", version = "=0.0.4" },
+    # exacl
+    { name = "nix", version = "=0.21.0" },
+]
+# spell-checker: enable
+
+# This section is considered when running `cargo deny check sources`.
+# More documentation about the 'sources' section can be found here:
+# https://embarkstudios.github.io/cargo-deny/checks/sources/cfg.html
+[sources]
+unknown-registry = "warn"
+unknown-git = "warn"
+allow-registry = ["https://github.com/rust-lang/crates.io-index"]
+allow-git = []
diff --git a/src/uu/factor/Cargo.toml b/src/uu/factor/Cargo.toml
index aec43af76..2f688f98f 100644
--- a/src/uu/factor/Cargo.toml
+++ b/src/uu/factor/Cargo.toml
@@ -23,7 +23,7 @@ smallvec = "1.7" # TODO(nicoo): Use `union` feature, requires Rust 1.49 or late
 uucore = { version = ">=0.0.8", package = "uucore", path = "../../uucore" }
 [dev-dependencies]
-paste = "0.1.18"
+paste = "1.0.6"
 quickcheck = "1.0.3"
 [[bin]]
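Review bot: `vulnerability = "warn"` in `[advisories]` means a dependency with a published RUSTSEC advisory only emits a warning, and as far as I recall cargo-deny's exit status is non-zero only for errors, so the CI job this commit adds will stay green on a known-vulnerable crate. Change it to `vulnerability = "deny"` and put any consciously accepted advisory into the `ignore` list with a comment saying why it is accepted; `unmaintained`/`yanked`/`notice` at `"warn"` are a reasonable starting point because they are noisier. The same applies to `[sources]`: with `unknown-registry = "warn"` and `unknown-git = "warn"` the `allow-registry`/`allow-git` lists are advisory only, so a crate pulled from an arbitrary git URL or alternate registry would not fail the check; set both to `"deny"` so the crates.io-only policy is actually enforced. A short comment above `skip` noting that each `=x.y.z` entry must be revisited when the named parent crate is bumped would also help, since a stale pin silently stops matching and `multiple-versions = "deny"` then fails for an unrelated reason.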