diff --git a/.github/workflows/r.yml b/.github/workflows/r.yml
index 55951c4036c..836d587d49a 100644
--- a/.github/workflows/r.yml
+++ b/.github/workflows/r.yml
@@ -150,4 +150,4 @@ jobs:
           path: /tmp/sparklyr.log
       - name: Dump worker logs on failure
         if: failure()
-        run: cat /tmp/sparklyr.log
+        run: cat /tmp/sparklyr.log
\ No newline at end of file
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 0c10de0abb4..a2f9534ce84 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -265,3 +265,10 @@ repos:
         name: run oxipng
         description: check PNG files with oxipng
         args: ['-o', '4', '--strip', 'safe', '--alpha']
+  - repo: https://github.com/zizmorcore/zizmor-pre-commit
+    rev: v1.9.0
+    hooks:
+      - id: zizmor
+        name: zizmor - static analysis for GitHub Actions
+        description: Scan GitHub Actions workflows for security issues
+        files: '.github/workflows/.*\.ya?ml$'