diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 47aa8b5d..ffb95203 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -25,6 +25,34 @@ jobs:
 persist-credentials: false
 - name: Audit dependencies for security vulnerabilities
 uses: g-rath/check-with-osv-detector@0e8c0f954d8618a3a4671eca1918b30b2d085af3 # v0.2.0
+ lint:
+ permissions:
+ contents: read # to fetch code (actions/checkout)
+ runs-on: ubuntu-latest
+ timeout-minutes: 15
+ steps:
+ # build the osv-linter from source
+ - run: git clone --depth 1 https://github.com/ossf/osv-schema
+ - name: Set up Go
+ uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
+ with:
+ cache-dependency-path: 'osv-schema/tools/osv-linter/go.sum'
+ go-version: stable
+ check-latest: true
+ - run: go build -o osv-linter ./cmd/osv
+ working-directory: osv-schema/tools/osv-linter
+
+ - run: osv-schema/tools/osv-linter/osv-linter
+
+ # run the linter against our advisories
+ - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+ with:
+ path: drupal-advisory-database
+ persist-credentials: false
+ - run: |
+ osv-schema/tools/osv-linter/osv-linter record lint --parallel 2 \
+ drupal-advisory-database/advisories/
+
 ruff:
 permissions:
 contents: read # to fetch code (actions/checkout)
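Review bot: The new `lint` job builds and executes code from an unpinned source: `git clone --depth 1 https://github.com/ossf/osv-schema` fetches whatever the default branch holds at run time, while every action in the same job is pinned to a commit SHA, so the linter binary that runs in CI is a floating supply-chain dependency and any upstream CLI change (the `record lint --parallel` invocation) silently breaks or alters this job. Pin the clone to a known revision, e.g. keep the clone line and add `- run: git -C osv-schema fetch --depth 1 origin <PINNED_OSV_SCHEMA_COMMIT_SHA> && git -C osv-schema checkout FETCH_HEAD` (placeholder SHA, to be filled in), with a trailing `# <tag>` comment matching the convention used on the `uses:` lines. The bare `- run: osv-schema/tools/osv-linter/osv-linter` step with no arguments and no name reads as a leftover smoke test; either drop it or name it, e.g. `- name: Verify osv-linter binary runs`, so its purpose is visible in the job log.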