diff --git a/.github/workflows/compliance.yml b/.github/workflows/compliance.yml
index b768ac716..87a4a0703 100644
--- a/.github/workflows/compliance.yml
+++ b/.github/workflows/compliance.yml
@@ -1,21 +1,31 @@
 name: Compliance
+
 on:
   push:
-    branches:
-      - main
-      - 'support/*'
+    branches: [ main ]
   pull_request: {}
 
+permissions:
+  # https://docs.github.com/en/rest/overview/permissions-required-for-github-apps?apiVersion=2022-11-28#repository-permissions-for-contents
+  contents: read
+
 jobs:
-  licenses:
+  compliance:
     runs-on: ubuntu-latest
     steps:
-      - run: sudo apt install -y moreutils
+      - uses: actions/checkout@v5
+      - uses: actions/setup-go@v6
+        with:
+          go-version: stable
 
-      - uses: actions/setup-go@v6
-        with:
-          go-version: 1.x
+      - name: Download modules to local cache
+        run: go mod download
 
-      - uses: actions/checkout@v5
+      - name: Install go-licenses
+        run: go install github.com/google/go-licenses@latest
 
-      - run: .github/workflows/compliance/check-licenses.sh
+      - name: Check licenses against allow list
+        run: |
+          # Pass allowed licenses as SPDX Identifiers: https://spdx.org/licenses/
+          go-licenses check github.com/icinga/icingadb/... \
+            --allowed_licenses BSD-2-Clause,BSD-3-Clause,GPL-2.0,ISC,MIT,MPL-2.0,Unlicense
diff --git a/.github/workflows/compliance/anonymize-license.pl b/.github/workflows/compliance/anonymize-license.pl
deleted file mode 100755
index 573eba677..000000000
--- a/.github/workflows/compliance/anonymize-license.pl
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/usr/bin/perl -pi
-
-use warnings;
-use strict;
-use autodie qw(:all);
-
-if (/^ ?(?:\w+ )?Copyright / || /^All rights reserved\.$/ || /^(?:The )?\S+ License(?: \(.+?\))?$/ || /^$/) {
-    $_ = ""
-}
-
-s/Google Inc\./the copyright holder/g
diff --git a/.github/workflows/compliance/check-licenses.sh b/.github/workflows/compliance/check-licenses.sh
deleted file mode 100755
index 63ff76f6a..000000000
--- a/.github/workflows/compliance/check-licenses.sh
+++ /dev/null
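Review bot: The `Install go-licenses` step fetches the gate tool with `go install github.com/google/go-licenses@latest`, so the compliance check itself executes whatever code the newest tag and its transitive module graph resolve to at job time, which makes results non-reproducible and is exactly the kind of unpinned dependency a compliance job should avoid. Pin a release and bump it deliberately, e.g. `run: go install github.com/google/go-licenses@<pinned-version>`; the same reasoning applies to `actions/checkout@v5` and `actions/setup-go@v6`, which are mutable tags rather than commit SHAs. The deleted shell script explicitly excluded `golang.org/x/*` modules and the repository's own module, and whether `go-licenses check github.com/icinga/icingadb/...` applies equivalent exclusions is not visible here, so a comment next to the `--allowed_licenses` line stating the intended scan scope would help the next maintainer. `GPL-2.0` is a deprecated SPDX identifier (superseded by `GPL-2.0-only`/`GPL-2.0-or-later`); if go-licenses reports the newer identifiers, that entry would silently never match, which is worth confirming against the tool's output.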
@@ -1,72 +0,0 @@
-#!/bin/bash
-
-set -eo pipefail
-
-find_license_file() {
-    MOD_NAME="$1"
-    LICENSE_DIR="vendor/$MOD_NAME"
-    LICENSE_FILES=({,../}{,UN}LICENSE{,.txt,.md})
-
-    for LICENSE_FILE in "${LICENSE_FILES[@]}"; do
-        LICENSE_FILE="${LICENSE_DIR}/$LICENSE_FILE"
-
-        if [ -e "$LICENSE_FILE" ]; then
-            echo "$LICENSE_FILE"
-            return
-        fi
-    done
-
-    echo "Module ${MOD_NAME}: license file missing in ${LICENSE_DIR}. Tried:" "${LICENSE_FILES[@]}" >&2
-    false
-}
-
-list_all_deps() {
-    for MAIN_MOD in ./cmd/*; do
-        go list -deps "$MAIN_MOD"
-    done
-}
-
-COMPATIBLE_LINE=$(($LINENO + 2))
-
-COMPATIBLE=(
-    # public domain
-    3cee2c43614ad4572d9d594c81b9348cf45ed5ac # vendor/github.com/vbauerster/mpb/v6/UNLICENSE
-    # MIT
-    66d504eb2f162b9cbf11b07506eeed90c6edabe1 # vendor/github.com/cespare/xxhash/v2/LICENSE.txt
-    1513ff663e946fdcadb630bed670d253b8b22e1e # vendor/github.com/davecgh/go-spew/spew/../LICENSE
-    90a1030e6314df9a898e5bfbdb4c6176d0a1f81c # vendor/github.com/jmoiron/sqlx/LICENSE
-    # BSD-2
-    8762249b76928cb6995b98a95a9396c5aaf104f3 # vendor/github.com/go-redis/redis/v8/LICENSE
-    d550c89174b585d03dc67203952b38372b4ce254 # vendor/github.com/pkg/errors/LICENSE
-    # BSD-3
-    b23b967bba92ea3c5ccde9962027cd70400865eb # vendor/github.com/google/uuid/LICENSE
-    604b38b184689a3db06a0617216d52a95aea10d8 # vendor/github.com/pmezard/go-difflib/difflib/../LICENSE
-    # MPLv2
-    0a2b84dd9b124c4d95dd24418c3e84fd870cc0ac # vendor/github.com/go-sql-driver/mysql/LICENSE
-)
-
-MY_DIR="$(dirname "$0")"
-
-go mod vendor
-
-for MOD_NAME in $(list_all_deps | "${MY_DIR}/ls-deps.pl"); do
-    LICENSE_FILE="$(find_license_file "$MOD_NAME")"
-
-    "${MY_DIR}/anonymize-license.pl" "$LICENSE_FILE"
-    tr -d ., <"$LICENSE_FILE" | tr \\n\\t ' ' | sponge "$LICENSE_FILE"
-    perl -p0 -i -e 's/ +/ /g; s/ +$//; $_ = lc' "$LICENSE_FILE"
-
-    for SHA1 in "${COMPATIBLE[@]}"; do
-        if sha1sum -c <<<"$SHA1 $LICENSE_FILE" >/dev/null 2>&1; then
-            continue 2
-        fi
-    done
-
-    echo "Module ${MOD_NAME}: unknown license. Run 'go mod vendor' (or see below), verify by yourself whether" \
-        "$LICENSE_FILE is GPLv2 compatible and (if yes) update the license text hashes list at ${0}:$COMPATIBLE_LINE" \
-        "and eventually .github/workflows/compliance/anonymize-license.pl:7" >&2
-
-    sha1sum "$LICENSE_FILE"
-    head "$LICENSE_FILE"
-    false
-done
diff --git a/.github/workflows/compliance/ls-deps.pl b/.github/workflows/compliance/ls-deps.pl
deleted file mode 100755
index a7a033add..000000000
--- a/.github/workflows/compliance/ls-deps.pl
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/usr/bin/perl
-
-use warnings;
-use strict;
-use autodie qw(:all);
-
-my @mods = <>;
-chomp @mods;
-s~^vendor/~~ for @mods;
-
-@mods = grep m~^[^./]+\.~, @mods;
-@mods = grep !m~^golang\.org/x(?:/|$)~, @mods;
-@mods = grep !m~^github\.com/icinga/icingadb(?:/|$)~, @mods;
-@mods = sort @mods;
-
-my $lastMod = undef;
-
-for (@mods) {
-    # prefixed with last mod (e.g. "go.uber.org/zap/buffer" after "go.uber.org/zap"), so redundant
-    next if defined($lastMod) && /$lastMod/;
-
-    $lastMod = '^' . quotemeta("$_/");
-    print "$_\n"
-}