diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
index b9df58231..c57b87bf8 100644
--- a/.github/workflows/ci-cd.yml
+++ b/.github/workflows/ci-cd.yml
@@ -506,6 +506,13 @@ jobs:
     secrets:
       codecov-token: ${{ secrets.CODECOV_TOKEN }}
 
+  lint-github-actions:
+    name: Lint GitHub Actions
+    permissions:
+      security-events: write
+    # yamllint disable-line rule:line-length
+    uses: zizmorcore/workflow/.github/workflows/reusable-zizmor.yml@3bb5e95068d0f44b6d2f3f7e91379bed1d2f96a8
+
   check:  # This job does nothing and is only used for the branch protection
 
     # Separate 'pull_request' check from other checks to avoid confusion in