diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index dc638f81..4bd24f40 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -36,6 +36,34 @@ jobs:
 persist-credentials: false
 - run: docker run -v $PWD:/src ghcr.io/google/osv-scanner:latest scan -r src
 
+ lint:
+ permissions:
+ contents: read # to fetch code (actions/checkout)
+ runs-on: ubuntu-latest
+ timeout-minutes: 15
+ steps:
+ # build the osv-linter from source
+ - run: git clone --depth 1 https://github.com/ossf/osv-schema
+ - name: Set up Go
+ uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
+ with:
+ cache-dependency-path: 'osv-schema/tools/osv-linter/go.sum'
+ go-version: stable
+ check-latest: true
+ - run: go build -o osv-linter ./cmd/osv
+ working-directory: osv-schema/tools/osv-linter
+
+ - run: osv-schema/tools/osv-linter/osv-linter
+
+ # run the linter against our advisories
+ - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+ with:
+ path: drupal-advisory-database
+ persist-credentials: false
+ - run: |
+ osv-schema/tools/osv-linter/osv-linter record lint --parallel 2 \
+ drupal-advisory-database/advisories/
+
 ruff:
 permissions:
 contents: read # to fetch code (actions/checkout)
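Review bot: The `git clone --depth 1 https://github.com/ossf/osv-schema` step fetches whatever the upstream default branch holds when the job runs, and the job then builds and executes that code, while both actions in the same job are pinned to a commit SHA. A change upstream (or a compromised upstream) therefore alters what runs in CI without any change in this repository; `contents: read` and `persist-credentials: false` limit the impact but do not make the build reproducible. Fetching osv-schema through the already-pinned checkout action with an explicit `ref` closes that gap and keeps the pin visible to dependency-update tooling. `go-version: stable` with `check-latest: true` floats in the same way and could be fixed to a specific release if reproducible linter builds matter.

```yaml
      # build the osv-linter from a pinned osv-schema commit
      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
        with:
          repository: ossf/osv-schema
          ref: '<PINNED_OSV_SCHEMA_COMMIT_SHA>' # placeholder: full commit SHA to build from
          path: osv-schema
          persist-credentials: false
      # … unchanged: Set up Go, go build, linter smoke run, advisory checkout and lint steps …
```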