diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index 0c701b5f1..334327897 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -68,3 +68,13 @@ jobs:
         )"
         echo "$issues"
         [ "$issues" == "" ] || exit 1
+
+  ensure-sha-pinned-actions:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+      - name: Ensure SHA pinned actions
+        uses: zgosalvez/github-actions-ensure-sha-pinned-actions@4830be28ce81da52ec70d65c552a7403821d98d4 # v3
+        with:
+          allowlist: |
+            Open-MSS/