diff --git a/.github/workflows/lint-yaml.yml b/.github/workflows/lint-yaml.yml
new file mode 100644
index 00000000..658d8b52
--- /dev/null
+++ b/.github/workflows/lint-yaml.yml
@@ -0,0 +1,39 @@
+# This workflow is provided via the organization template repository
+#
+# https://github.com/nextcloud/.github
+# https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization
+#
+# SPDX-FileCopyrightText: 2021-2024 Nextcloud GmbH and Nextcloud contributors
+# SPDX-License-Identifier: MIT
+
+name: Lint YAML
+
+on: pull_request
+
+permissions:
+  contents: read
+
+jobs:
+  yaml-lint:
+    runs-on: ubuntu-latest
+
+    name: yaml
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
+
+      - name: GitHub action templates lint
+        uses: ibiqlik/action-yamllint@2576378a8e339169678f9939646ee3ee325e845c # v3.1.1
+        with:
+          file_or_dir: .github/workflows
+          config_data: |
+            line-length: warning
+
+      - name: Install the latest version of uv
+        uses: astral-sh/setup-uv@f94ec6bedd8674c4426838e6b50417d36b6ab231 # v5.3.1
+
+      - name: Check GitHub actions
+        run: uvx zizmor --min-severity medium .github/workflows/*.yml
diff --git a/zizmor.yml b/zizmor.yml
new file mode 100644
index 00000000..ee110b08
--- /dev/null
+++ b/zizmor.yml
@@ -0,0 +1,3 @@
+rules:
+  excessive-permissions:
+    disable: true