diff --git a/.github/workflows/check-dependencies.yml b/.github/workflows/check-dependencies.yml
new file mode 100644
index 0000000000..f6b35c4160
--- /dev/null
+++ b/.github/workflows/check-dependencies.yml
@@ -0,0 +1,26 @@
+name: third-party dependencies check
+
+on: [push, pull_request]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    env:
+      SCRIPT_DEPENDENCY: hugegraph-dist/scripts/dependency
+    steps:
+      - name: Checkout source
+        uses: actions/checkout@v3
+      - name: Set up JDK 8
+        uses: actions/setup-java@v3
+        with:
+          java-version: '8'
+          distribution: 'adopt'
+      - name: mvn install
+        run: |
+          mvn install -DskipTests=true
+      - name: generate current dependencies
+        run: |
+          bash $SCRIPT_DEPENDENCY/regenerate_known_dependencies.sh current-dependencies.txt
+      - name: check third dependencies
+        run: |
+          bash $SCRIPT_DEPENDENCY/check_dependencies.sh
diff --git a/hugegraph-dist/scripts/dependency/check_dependencies.sh b/hugegraph-dist/scripts/dependency/check_dependencies.sh
new file mode 100644
index 0000000000..29f9031078
--- /dev/null
+++ b/hugegraph-dist/scripts/dependency/check_dependencies.sh
@@ -0,0 +1,32 @@
+#!/usr/bin/env bash
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+BASE_PATH=$(cd $(dirname $0); pwd)
+
+# check whether there are new third-party dependencies by diff command,
+# diff generated 'current-dependencies.txt' file with 'known-dependencies.txt' file.
+diff -w -B -U0 <(sort < ${BASE_PATH}/known-dependencies.txt) \
+<(sort < ${BASE_PATH}/current-dependencies.txt) > ${BASE_PATH}/result.txt
+
+# if has new third-party,the Action will fail and print diff
+if [ -s ${BASE_PATH}/result.txt ]; then
+  cat ${BASE_PATH}/result.txt
+  exit 1
+else
+  echo 'All third dependencies is known!'
+fi
diff --git a/hugegraph-dist/scripts/dependency/known-dependencies.txt b/hugegraph-dist/scripts/dependency/known-dependencies.txt
new file mode 100644
index 0000000000..675de6c52a
--- /dev/null
+++ b/hugegraph-dist/scripts/dependency/known-dependencies.txt
@@ -0,0 +1,262 @@
+HdrHistogram-2.1.9.jar
+ST4-4.0.8.jar
+accessors-smart-1.2.jar
+airline-0.6.jar
+animal-sniffer-annotations-1.14.jar
+annotations-4.1.1.4.jar
+ansj_seg-5.1.6.jar
+antlr-runtime-3.5.2.jar
+aopalliance-repackaged-3.0.1.jar
+asm-5.0.4.jar
+asm-6.0.jar
+asm-analysis-5.0.3.jar
+asm-commons-5.0.3.jar
+asm-tree-5.0.3.jar
+asm-util-5.0.3.jar
+ast-9.0-9.0.20190305.jar
+audience-annotations-0.5.0.jar
+bolt-1.6.4.jar
+byte-buddy-1.10.5.jar
+byte-buddy-agent-1.10.5.jar
+caffeine-2.2.6.jar
+caffeine-2.3.1.jar
+cassandra-all-3.11.12.jar
+cassandra-driver-core-3.6.0.jar
+checker-qual-2.0.0.jar
+checker-qual-3.5.0.jar
+classgraph-4.8.95.jar
+commons-beanutils-1.9.4.jar
+commons-cli-1.1.jar
+commons-codec-1.11.jar
+commons-codec-1.15.jar
+commons-codec-1.9.jar
+commons-collections-3.2.2.jar
+commons-compress-1.21.jar
+commons-configuration-1.10.jar
+commons-configuration2-2.3.jar
+commons-io-2.7.jar
+commons-lang-2.6.jar
+commons-lang3-3.1.jar
+commons-lang3-3.11.jar
+commons-logging-1.1.1.jar
+commons-logging-1.2.jar
+commons-math3-3.2.jar
+commons-text-1.9.jar
+compress-lzf-0.8.4.jar
+concurrent-trees-2.4.0.jar
+concurrentlinkedhashmap-lru-1.4.jar
+cypher-gremlin-extensions-1.0.4.jar
+disruptor-3.3.7.jar
+eclipse-collections-11.1.0.jar
+eclipse-collections-api-11.1.0.jar
+error_prone_annotations-2.1.3.jar
+exp4j-0.4.8.jar
+expressions-9.0-9.0.20190305.jar
+fastparse_2.12-2.0.4.jar
+fastutil-8.5.9.jar
+findbugs-annotations-1.3.9-1.jar
+front-end-9.0-9.0.20190305.jar
+gremlin-console-3.5.1.jar
+gremlin-core-3.5.1.jar
+gremlin-driver-3.5.1.jar
+gremlin-groovy-3.5.1.jar
+gremlin-groovy-test-3.2.11.jar
+gremlin-server-3.5.1.jar
+gremlin-shaded-3.5.1.jar
+gremlin-test-3.5.1.jar
+grizzly-framework-3.0.1.jar
+grizzly-http-3.0.1.jar
+grizzly-http-server-3.0.1.jar
+grizzly-http-servlet-3.0.1.jar
+groovy-2.5.14-indy.jar
+groovy-cli-picocli-2.5.14.jar
+groovy-console-2.5.14.jar
+groovy-groovysh-2.5.14-indy.jar
+groovy-json-2.5.14-indy.jar
+groovy-jsr223-2.5.14-indy.jar
+groovy-swing-2.5.14.jar
+groovy-templates-2.5.14.jar
+groovy-xml-2.5.14.jar
+grpc-api-1.28.0.jar
+grpc-context-1.28.0.jar
+grpc-core-1.28.0.jar
+grpc-netty-shaded-1.28.0.jar
+gson-2.8.6.jar
+guava-25.1-jre.jar
+hamcrest-2.2.jar
+hamcrest-core-1.3.jar
+hanlp-portable-1.8.3.jar
+hbase-shaded-endpoint-2.0.6.jar
+hessian-3.3.6.jar
+high-scale-lib-1.0.6.jar
+hk2-api-3.0.1.jar
+hk2-locator-3.0.1.jar
+hk2-utils-3.0.1.jar
+hppc-0.7.1.jar
+htrace-core4-4.2.0-incubating.jar
+httpclient-4.5.13.jar
+httpcore-4.4.13.jar
+ikanalyzer-2012_u6.jar
+ivy-2.4.0.jar
+j2objc-annotations-1.1.jar
+jackson-annotations-2.12.1.jar
+jackson-annotations-2.12.5.jar
+jackson-core-2.12.1.jar
+jackson-core-2.12.5.jar
+jackson-databind-2.12.1.jar
+jackson-databind-2.12.5.jar
+jackson-dataformat-yaml-2.9.3.jar
+jackson-datatype-jsr310-2.12.1.jar
+jackson-jaxrs-base-2.12.1.jar
+jackson-jaxrs-json-provider-2.12.1-jakarta.jar
+jackson-jaxrs-json-provider-2.12.1.jar
+jackson-module-jaxb-annotations-2.12.1.jar
+jakarta.activation-2.0.1.jar
+jakarta.activation-api-1.2.1.jar
+jakarta.annotation-api-2.0.0.jar
+jakarta.inject-api-2.0.0.jar
+jakarta.servlet-api-5.0.0.jar
+jakarta.validation-api-3.0.0.jar
+jakarta.ws.rs-api-3.0.0.jar
+jakarta.xml.bind-api-4.0.0-RC2.jar
+jamm-0.3.0.jar
+javapoet-1.8.0.jar
+javassist-3.21.0-GA.jar
+javatuples-1.2.jar
+javax.activation-api-1.2.0.jar
+javax.inject-1.jar
+javax.json-1.0.jar
+jaxb-api-2.3.1.jar
+jaxb-core-3.0.2.jar
+jaxb-impl-3.0.2.jar
+jbcrypt-0.4.jar
+jcabi-log-0.14.jar
+jcabi-manifests-1.1.jar
+jcip-annotations-1.0-1.jar
+jcl-over-slf4j-1.7.25.jar
+jcseg-core-2.6.2.jar
+jctools-core-1.2.1.jar
+jctools-core-2.1.1.jar
+jersey-apache-connector-3.0.3.jar
+jersey-client-3.0.3.jar
+jersey-common-3.0.3.jar
+jersey-container-grizzly2-http-3.0.3.jar
+jersey-container-grizzly2-servlet-3.0.3.jar
+jersey-container-servlet-3.0.3.jar
+jersey-container-servlet-core-3.0.3.jar
+jersey-entity-filtering-3.0.3.jar
+jersey-hk2-3.0.3.jar
+jersey-media-jaxb-3.0.3.jar
+jersey-media-json-jackson-3.0.3.jar
+jersey-server-3.0.3.jar
+jersey-test-framework-core-3.0.3.jar
+jersey-test-framework-provider-grizzly2-3.0.3.jar
+jffi-1.2.16-native.jar
+jffi-1.2.16.jar
+jflex-1.6.0.jar
+jieba-analysis-1.0.2.jar
+jjwt-api-0.11.5.jar
+jjwt-impl-0.11.5.jar
+jjwt-jackson-0.11.5.jar
+jline-2.14.6.jar
+jna-4.2.2.jar
+jna-5.5.0.jar
+jnr-ffi-2.1.7.jar
+jnr-x86asm-1.0.2.jar
+joda-time-2.10.8.jar
+joda-time-2.4.jar
+jraft-core-1.3.11.jar
+json-simple-1.1.jar
+json-smart-2.3.jar
+jsr305-3.0.1.jar
+junit-4.12.jar
+kerb-admin-2.0.0.jar
+kerb-client-2.0.0.jar
+kerb-common-2.0.0.jar
+kerb-core-2.0.0.jar
+kerb-crypto-2.0.0.jar
+kerb-identity-2.0.0.jar
+kerb-server-2.0.0.jar
+kerb-simplekdc-2.0.0.jar
+kerb-util-2.0.0.jar
+kerby-asn1-2.0.0.jar
+kerby-config-2.0.0.jar
+kerby-pkix-2.0.0.jar
+kerby-util-2.0.0.jar
+kerby-xdr-2.0.0.jar
+libthrift-0.9.2.jar
+log4j-api-2.17.1.jar
+log4j-core-2.17.1.jar
+log4j-slf4j-impl-2.17.1.jar
+lookout-api-1.4.1.jar
+lucene-analyzers-common-8.11.2.jar
+lucene-analyzers-smartcn-8.11.2.jar
+lucene-core-8.11.2.jar
+lucene-queries-4.7.2.jar
+lucene-queryparser-4.7.2.jar
+lucene-sandbox-4.7.2.jar
+lz4-1.3.0.jar
+lz4-java-1.8.0.jar
+metrics-annotation-4.2.4.jar
+metrics-core-3.0.2.jar
+metrics-core-3.1.5.jar
+metrics-core-4.0.2.jar
+metrics-core-4.2.4.jar
+metrics-jersey3-4.2.4.jar
+metrics-jvm-3.1.5.jar
+metrics-logback-3.1.5.jar
+mmseg4j-core-1.10.0.jar
+mockito-core-3.3.3.jar
+mysql-connector-java-8.0.28.jar
+netty-all-4.1.44.Final.jar
+netty-all-4.1.61.Final.jar
+nimbus-jose-jwt-4.41.2.jar
+nlp-lang-1.7.7.jar
+objenesis-2.6.jar
+ohc-core-0.7.4.jar
+ohc-core-j8-0.4.4.jar
+opentracing-api-0.22.0.jar
+opentracing-mock-0.22.0.jar
+opentracing-noop-0.22.0.jar
+opentracing-util-0.22.0.jar
+osgi-resource-locator-1.0.3.jar
+parboiled-core-1.2.0.jar
+parboiled-scala_2.12-1.2.0.jar
+parser-9.0-9.0.20190305.jar
+perfmark-api-0.19.0.jar
+picocli-4.3.2.jar
+postgresql-42.4.1.jar
+protobuf-java-3.21.7.jar
+reporter-config-base-3.0.3.jar
+reporter-config3-3.0.3.jar
+rewriting-9.0-9.0.20190305.jar
+rocksdbjni-7.2.2.jar
+scala-java8-compat_2.12-0.8.0.jar
+scala-library-2.12.7.jar
+scala-reflect-2.12.7.jar
+sigar-1.6.4.jar
+slf4j-api-1.7.25.jar
+slf4j-api-1.7.7.jar
+snakeyaml-1.26.jar
+snakeyaml-1.27.jar
+snappy-java-1.1.1.7.jar
+snowball-stemmer-1.3.0.581.1.jar
+sofa-common-tools-1.0.12.jar
+sofa-rpc-all-5.7.6.jar
+sourcecode_2.12-0.1.4.jar
+stream-2.5.2.jar
+swagger-annotations-1.5.18.jar
+swagger-annotations-jakarta-2.1.9.jar
+swagger-core-1.5.18.jar
+swagger-core-jakarta-2.1.9.jar
+swagger-integration-jakarta-2.1.9.jar
+swagger-jaxrs2-jakarta-2.1.9.jar
+swagger-models-1.5.18.jar
+swagger-models-jakarta-2.1.9.jar
+thrift-server-0.3.7.jar
+tinkergraph-gremlin-3.5.1.jar
+token-provider-2.0.0.jar
+tracer-core-3.0.8.jar
+translation-1.0.4.jar
+util-9.0-9.0.20190305.jar
+validation-api-1.1.0.Final.jar
diff --git a/hugegraph-dist/scripts/dependency/regenerate_known_dependencies.sh b/hugegraph-dist/scripts/dependency/regenerate_known_dependencies.sh
new file mode 100644
index 0000000000..1c27c9f025
--- /dev/null
+++ b/hugegraph-dist/scripts/dependency/regenerate_known_dependencies.sh
@@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+BASE_PATH=$(cd $(dirname $0); pwd)
+DEP_PATH=$BASE_PATH/all_dependencies
+FILE_NAME=${1:-known-dependencies.txt}
+
+if [[ -d $DEP_PATH ]];then
+  echo "rm -r -f DEP_PATH"
+  rm -r -f $DEP_PATH
+fi
+
+cd $BASE_PATH/../../../
+
+mvn dependency:copy-dependencies -DincludeScope=runtime -DoutputDirectory=$DEP_PATH
+
+ls $DEP_PATH | egrep -v "^hugegraph|hubble" | sort -n > $BASE_PATH/$FILE_NAME
+rm -r -f $DEP_PATH