diff --git a/.github/workflows/puppet-lint.yml b/.github/workflows/puppet-lint.yml
new file mode 100644
index 00000000..7ea5b92a
--- /dev/null
+++ b/.github/workflows/puppet-lint.yml
@@ -0,0 +1,55 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+# Puppet Lint tests Puppet code against the recommended Puppet language style guide.
+# https://puppet.com/docs/puppet/7/style_guide.html
+# Puppet Lint validates only code style; it does not validate syntax.
+# To test syntax, use Puppet's puppet parser validate command.
+# More details at https://github.com/puppetlabs/puppet-lint/
+
+name: puppet-lint
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ "main" ]
+  schedule:
+    - cron: '41 13 * * 1'
+
+permissions:
+  contents: read
+
+jobs:
+  puppet-lint:
+    name: Run puppet-lint scanning
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read # for checkout to fetch code
+      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+      actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Ruby
+        uses: ruby/setup-ruby@55283cc23133118229fd3f97f9336ee23a179fcf # v1.146.0
+        with:
+          ruby-version: 2.7
+          bundler-cache: true
+
+      - name: Install puppet-lint
+        run: gem install puppet-lint
+
+      - name: Run puppet-lint
+        run: puppet-lint . --sarif > puppet-lint-results.sarif
+        continue-on-error: true
+
+      - name: Upload analysis results to GitHub
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: puppet-lint-results.sarif
+          wait-for-processing: true