diff --git a/.github/workflows/zizmor.yaml b/.github/workflows/zizmor.yaml
new file mode 100644
index 000000000000..3cdcc8428c4a
--- /dev/null
+++ b/.github/workflows/zizmor.yaml
@@ -0,0 +1,32 @@
+name: zizmor workflow audits
+on:
+ push:
+ pull_request:
+ workflow_dispatch:
+
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+
+jobs:
+ zizmor-workflow-audits:
+ runs-on: ubuntu-24.04
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ persist-credentials: false
+
+ - name: zizmor workflow audits
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ run: |
+ pip install zizmor
+
+ printf '%b\n' "\`\`\`" >> $GITHUB_STEP_SUMMARY
+ zizmor . --gh-token $GITHUB_TOKEN >> $GITHUB_STEP_SUMMARY
+ printf '%b' "\`\`\`" >> $GITHUB_STEP_SUMMARY
+
+
+
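Review bot: The new workflow declares no `permissions:` block, so the `GITHUB_TOKEN` it hands to zizmor inherits the repository's default token scope, which may be write-level; the job only needs to read the checkout, so add at the top level `permissions:` / `  contents: read` (zizmor's own excessive-permissions audit is likely to report this very file otherwise). The supply-chain surface is also unpinned in two places: `actions/checkout@v4` is a mutable tag rather than a full commit SHA (another finding zizmor raises as unpinned-uses), and `pip install zizmor` pulls whatever version is latest on PyPI at run time, so pin both, e.g. `uses: actions/checkout@<full-commit-sha> # v4` and `pip install "zizmor==<pinned-version>"`. Passing the token as `--gh-token $GITHUB_TOKEN` puts the secret on the process command line; if I recall the CLI correctly zizmor reads `GH_TOKEN` from the environment, so setting `GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}` in `env:` and dropping the flag avoids that. Since the `run:` shell exits on the first failing command, a non-zero zizmor exit (findings present) skips the closing fence, leaving the step summary's code block unterminated.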