diff --git a/.github/workflows/code-quality.yaml b/.github/workflows/code-quality.yaml
new file mode 100644
index 000000000..11e0dbb57
--- /dev/null
+++ b/.github/workflows/code-quality.yaml
@@ -0,0 +1,42 @@
+---
+name: Code static analysis
+on: [pull_request]  # yamllint disable-line rule:truthy
+
+permissions:
+  contents: read
+
+jobs:
+  code-static-analysis:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Validate YAML files (best code practices check included)
+        id: validate-yaml-files
+        uses: ibiqlik/action-yamllint@v3.1.1
+        with:
+          config_file: ./ci/yamllint-config.yaml
+
+      # In some YAML files we use JSON strings, let's check these
+      - name: Validate JSON strings in YAML files (just syntax)
+        id: validate-json-strings-in-yaml-files
+        run: |
+          type json_verify || sudo apt-get install yajl-tools
+          bash ./ci/check-json.sh
+
+      - name: Validate JSON files (just syntax)
+        id: validate-json-files
+        run: |
+          type json_verify || sudo apt-get install yajl-tools
+          shopt -s globstar
+          ret_code=0
+          echo "-- Checking a regular '*.json' files"
+          for f in **/*.json; do echo "Checking: '${f}"; echo -n "  > "; cat $f | json_verify || ret_code=1; done
+          echo "-- Checking a 'Pipfile.lock' files"
+          for f in **/Pipfile.lock; do echo "Checking: '${f}"; echo -n "  > "; cat $f | json_verify || ret_code=1; done
+          echo "-- Checking a '*.ipynb' Jupyter notebook files"
+          for f in **/*.ipynb; do echo "Checking: '${f}"; echo -n "  > "; cat $f | json_verify || ret_code=1; done
+          if test "${ret_code}" -ne 0; then
+              echo "There were errors in some of the checked files. Please run `json_verify` on such files and fix issues there."
+          fi
+          exit "${ret_code}"
diff --git a/ci/check-json.sh b/ci/check-json.sh
new file mode 100755
index 000000000..d68e83edf
--- /dev/null
+++ b/ci/check-json.sh
@@ -0,0 +1,45 @@
+#!/bin/bash
+#
+# This script serves to check YAML files in this repository that contain particular
+# key fields where JSON string is expected. Such JSON strings are extracted and
+# validated via `json_verify` tool.
+#
+# Local execution: ./ci/check-json.sh
+#   Note: please execute from the root directory so that whole dir tree is checked
+#
+# In case of the PR on GitHub, this check is tied to GitHub actions automatically,
+# see `.github/workflows` directory.
+
+shopt -s globstar
+
+function check_json() {
+    local f="${1}"
+    local string="${2}"
+
+    local ret_code=0
+
+    echo "" # Let's make some space from eventual previous file check
+    echo "Checking: '${f}' - for '${string}':"
+
+    if grep --quiet --extended-regexp "${string}" "${f}"; then
+    #if $(grep -e "${string}" "${f}"); then
+        jsons=$(yq -r ".spec.tags[].annotations.\"${string}\"" "${f}")
+        
+        while IFS= read -r json; do
+            echo "    ${json}"
+            echo -n "  > "; echo "${json}" | json_verify || ret_code="${?}"
+        done <<< "${jsons}"
+    else
+	echo "    Ignoring as this file doesn't contain necessary key field '${string}' for check"
+    fi
+
+    return "${ret_code}"
+}
+
+ret_code=0
+for f in **/*.yml **/*.yaml; do
+    check_json "${f}" "opendatahub.io/notebook-software" || ret_code="${?}"
+    check_json "${f}" "opendatahub.io/notebook-python-dependencies" || ret_code="${?}"
+done
+
+exit "${ret_code}"
diff --git a/ci/yamllint-config.yaml b/ci/yamllint-config.yaml
new file mode 100644
index 000000000..c102a415e
--- /dev/null
+++ b/ci/yamllint-config.yaml
@@ -0,0 +1,8 @@
+---
+
+extends: default
+
+rules:
+  line-length: disable
+  new-line-at-end-of-file:
+    level: warning