diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index 4599eee5..c9080bdc 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -43,7 +43,8 @@ jobs:
 matrix:
 # It is recommended to pin a Runner version specifically:
 # https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners
- os: [ubuntu-latest, macos-latest, windows-latest]
+ #os: [ubuntu-latest, macos-latest, windows-latest]
+ os: [ubuntu-latest]
 python: ['3.9', '3.10']
 steps:
@@ -74,7 +75,20 @@ jobs:
 # Audit all currently installed packages for security vulnerabilities.
 - name: Audit installed packages
- run: make audit
+ id: audit-packages
+ continue-on-error: true
+ run: make --silent audit > pip-audit-vulnerabilities.txt
+
+ # Upload the vulnerabilities file output.
+ - name: Upload Artifact
+ id: upload-audit-artifact
+ uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb #v3.1.1
+ with:
+ name: pip-audit-vulnerabilities.txt
+ path: .
+ if-no-files-found: error
+ retention-days: 1
+ #if: steps.audit-packages.outputs.exit_code == 1
 # Build the sdist and wheel distribution of the package and docs as a zip file.
 # We don't need to check and test the package separately because `make dist` runs
diff --git a/.github/workflows/pr-change-set.yaml b/.github/workflows/pr-change-set.yaml
index c4814f97..c9eb57b9 100644
--- a/.github/workflows/pr-change-set.yaml
+++ b/.github/workflows/pr-change-set.yaml
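Review bot: The old `os` line is kept as a commented-out entry next to the new `os: [ubuntu-latest]` instead of being removed, which leaves a stale copy of the matrix that nobody maintains and gives no reason for dropping macOS and Windows. Delete the commented line and record the intent where the existing pin-a-runner comment already sits, e.g. `# Only ubuntu-latest for now: <reason / tracking reference>`. Note that the matrix still expands to two jobs through `python: ['3.9', '3.10']`, which matters for the artifact upload added in the next hunk. The enclosing `jobs:`/`strategy:` mapping starts outside the hunk.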
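Review bot: `path: .` in the Upload Artifact step uploads the whole workspace (the checkout plus anything earlier steps wrote) into an artifact named after a single file; it should be `path: pip-audit-vulnerabilities.txt`. Both `python` matrix jobs upload under the same `name: pip-audit-vulnerabilities.txt`, and with the pinned upload-artifact v3 the second job's file silently overwrites the first's (v4 rejects the duplicate name outright), so use `name: pip-audit-vulnerabilities-${{ matrix.python }}` and download the matching name in the consuming workflow. The commented-out guard `steps.audit-packages.outputs.exit_code == 1` refers to an output that no step defines; the result of a `continue-on-error: true` step is available as `if: steps.audit-packages.outcome == 'failure'`, which is what this upload should be gated on. With `continue-on-error: true` and only stdout redirected, a run where the audit tool fails to start looks the same as a clean audit (green job, empty report) and no longer fails the build as `run: make audit` did; if that policy change is intended it belongs in the commit message. The `steps:` sequence this hunk edits starts and ends outside the hunk.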
@@ -18,3 +18,23 @@ jobs:
 uses: ./.github/workflows/build.yaml
 permissions:
 contents: read
+
+ comment-audit:
+ runs-on: ubuntu-latest
+ permissions:
+ pull-requests: write
+ needs: build
+ steps:
+
+ - name: Download artifact from Build
+ uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 #v3
+ #if: steps.audit-packages.outputs.exit_code == 1
+ with:
+ name: pip-audit-vulnerabilities.txt
+
+ - name: comment PR
+ id: comment-pr
+ run: gh pr comment ${{ github.event.number }} --body-file pip-audit-vulnerabilities.txt
+ #if: steps.audit-packages.outputs.exit_code == 1
+ env:
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.gitignore b/.gitignore
index fe324aff..bff0fa50 100644
--- a/.gitignore
+++ b/.gitignore
@@ -132,3 +132,7 @@ dmypy.json
 # Pyre type checker
 .pyre/
+
+# pip audit vulnerabilities file
+
+pip-audit-vulnerabilities.txt
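Review bot: The `comment PR` step has no preceding `actions/checkout`, so `gh` has no git remote to resolve the repository from and `gh pr comment ${{ github.event.number }}` will most likely fail; pass `--repo ${{ github.repository }}` (or set `GH_REPO` in `env:`) rather than adding a checkout this job does not otherwise need. The two commented-out `steps.audit-packages.outputs.exit_code` conditions can never work from here, because `steps.*` only covers steps of the same job; gating this job requires the reusable `build.yaml` to declare a `workflow_call` output and `comment-audit` to test `needs.build.outputs.<name>`, and as written the comment is posted on every run, empty report or not, with a fresh comment per push. The posted body is whatever `make audit` printed inside the PR's own checkout, i.e. content the PR author can shape, written by the repository's bot identity with `pull-requests: write`; on a `pull_request` trigger the token is read-only for fork PRs and the step fails, while on `pull_request_target` it would let a PR place arbitrary text in a bot comment, so confirm which trigger applies (the `on:` block is outside the hunk). The enclosing `jobs:` mapping starts before this hunk.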