diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml
new file mode 100644
index 0000000..a1f13ec
--- /dev/null
+++ b/.github/workflows/zizmor.yml
@@ -0,0 +1,22 @@
+name: Workflow security lint
+
+on:
+  pull_request:
+    branches: [main]
+    paths:
+      - ".github/workflows/**"
+  push:
+    branches: [main]
+    paths:
+      - ".github/workflows/**"
+
+permissions: {}
+
+jobs:
+  lint:
+    permissions:
+      contents: read
+      security-events: write
+    uses: uw-ssec/.github/.github/workflows/zizmor-lint.yml@main # zizmor: ignore[unpinned-uses] centrally managed org workflow
+    with:
+      enforce: false