diff --git a/node-kubernetes.yml b/node-kubernetes.yml
index 7573cf19c0877c6a813cdbc2c5c763d083723cce..4f733f505078f424136403175b7826e724940774 100644
--- a/node-kubernetes.yml
+++ b/node-kubernetes.yml
@@ -65,6 +65,19 @@ docker-build:
 test:
   extends: .test-node
 
+.audit-node:
+  stage: test
+
+  extends:
+    - .before-script-yarn
+    - .audit-base
+
+  script:
+    - yarn audit
+
+audit:
+  extends: .audit-node
+
 .lint-node:
   stage: test
   extends:
diff --git a/panter-kubernetes-base.yml b/panter-kubernetes-base.yml
index 0fb3f17cbea3dec0f25d70b952b8c81c2b014d02..115c6144f552738b2564cac00e705b7776fe0476 100644
--- a/panter-kubernetes-base.yml
+++ b/panter-kubernetes-base.yml
@@ -83,16 +83,27 @@ image: panterch/docker-ci-kubernetes-deploy
     - echo "not implemented"
 
 .lint-base:
+  extends:
+    - .test-base
+
+.audit-base:
+  allow_failure: true # currently not mandatory
   stage: test
+  needs: []
   extends:
     - .retry-default
-    - .rules-always-but-not-on-tags
+    - .rules-always # while lint and test is useless after tagging, running an audit on a tag might be useful
 
 .lint:
   extends: .lint-base
   script:
     - echo "not implemented"
 
+.audit:
+  extends: .audit-base
+  script:
+    - echo "not implemented"
+
 .app-build-base:
   stage: build
   extends:
@@ -183,6 +194,9 @@ test:
 lint:
   extends: .lint
 
+audit:
+  extends: .audit
+
 storybook-build:
   extends: .storybook-build