diff --git a/.github/workflows/pr-title-lint.yml b/.github/workflows/pr-title-lint.yml
new file mode 100644
index 00000000..f47a68d9
--- /dev/null
+++ b/.github/workflows/pr-title-lint.yml
@@ -0,0 +1,24 @@
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT license.
+
+name: PR Title Lint
+
+on:
+  pull_request_target:
+    types: [opened, edited, synchronize, reopened]
+
+permissions:
+  pull-requests: read
+  statuses: write
+
+jobs:
+  lint:
+    name: Validate PR Title
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check PR title follows Conventional Commits
+        # Pinned to commit SHA for supply chain security (CWE-829)
+        # Verify: gh api repos/amannn/action-semantic-pull-request/git/ref/tags/v5.5.3 --jq '.object.sha'
+        uses: amannn/action-semantic-pull-request@0723387faaf9b38adef4775cd42cfd5155ed6017 # v5.5.3
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
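Review bot: The `on:` block uses `pull_request_target` with `synchronize`, which runs this base-branch workflow with a write-capable `GITHUB_TOKEN` on every push to a fork PR; that is only safe because no step checks out or executes PR-supplied content, and nothing in the file records that invariant for the next maintainer. I would add above `on:` a comment such as `# pull_request_target: runs base-ref code with a token that can read the PR and set a status on fork PRs. Never add a checkout of the PR head or run PR-supplied code in this job.`. The `statuses: write` grant under `permissions:` is broader than a title check obviously needs — confirm against the action's documented permissions for v5.5.3 and drop it if the action only needs `pull-requests: read`. A `timeout-minutes` on the `lint` job would also bound a hung runner.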