diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
index a12ae35f..d1765e6a 100644
--- a/.github/workflows/go.yml
+++ b/.github/workflows/go.yml
@@ -10,6 +10,19 @@ on:
     branches: [ "main" ]
 
 jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-go@v5
+        with:
+          go-version: 1.22.x
+
+      - name: Run golangci-lint
+        uses: golangci/golangci-lint-action@v6
+        with:
+          version: v1.61.0
   tests:
     strategy:
       matrix:
diff --git a/.golangci.yaml b/.golangci.yaml
new file mode 100644
index 00000000..b551958f
--- /dev/null
+++ b/.golangci.yaml
@@ -0,0 +1,92 @@
+# TODO(#274): this should match the configuration of osv-scanner for the most part
+#   currently it does not because using that config raises type errors,
+#   in addition to some of the rules having violations that need addressing,
+#   so the current focus is on getting as many linters as possible running
+
+output:
+  sort-results: true
+linters:
+  # TODO(#274): currently linting raises a type error, so until that's resolved we've got to be very selective in what we enable
+  enable:
+    - asasalint
+    - asciicheck
+    - bidichk
+    - bodyclose
+    - canonicalheader
+#    - containedctx
+#    - contextcheck
+#    - copyloopvar
+    - decorder
+#    - depguard
+    - dogsled
+#    - dupl
+#    - dupword
+    - durationcheck
+#    - errcheck
+#    - errchkjson
+#    - errname
+#    - errorlint
+#    - exhaustive
+#    - fatcontext
+#    - forbidigo
+    - ginkgolinter
+    - gocheckcompilerdirectives
+#    - gochecknoinits
+    - gochecksumtype
+#    - gocritic
+#    - gofmt
+    - goheader
+#    - goimports
+    - gomoddirectives
+    - gomodguard
+    - goprintffuncname
+#    - gosec
+#    - gosimple
+    - gosmopolitan
+#    - govet
+    - grouper
+    - importas
+#    - inamedparam
+#    - ineffassign
+    - interfacebloat
+#    - intrange
+    - loggercheck
+    - makezero
+    - mirror
+#    - misspell
+#    - musttag
+    - nakedret
+#    - nilerr
+#    - nilnil
+#    - nlreturn
+#    - noctx
+    - nolintlint
+#    - nosprintfhostport
+#    - paralleltest
+#    - perfsprint
+#    - prealloc
+#    - predeclared
+    - promlinter
+#    - protogetter
+    - reassign
+#    - revive
+    - rowserrcheck
+    - sloglint
+    - spancheck
+    - sqlclosecheck
+#    - staticcheck
+#    - stylecheck
+    - tagalign
+    - tenv
+    - testableexamples
+    - testifylint
+#    - thelper
+#    - tparallel
+#    - unconvert
+#    - unparam
+#    - unused
+#    - usestdlibvars
+#    - wastedassign
+#    - whitespace
+    - zerologlint
+  disable-all: true
diff --git a/Makefile b/Makefile
index c76ef742..a927cda5 100644
--- a/Makefile
+++ b/Makefile
@@ -5,6 +5,9 @@ scalibr:
 	# go-sqlite3 used by the RPM extractor.
 	CGO_ENABLED=1 go build binary/scalibr/scalibr.go
 
+lint:
+	go run github.com/golangci/golangci-lint/cmd/golangci-lint@v1.61.0 run ./... --max-same-issues 0
+
 test:
 	CGO_ENABLED=1 go test ./...