diff --git a/.github/workflows/lints.yml b/.github/workflows/lints.yml
index ecb4bb5ee..3cecedb12 100644
--- a/.github/workflows/lints.yml
+++ b/.github/workflows/lints.yml
@@ -20,6 +20,8 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
+      - name: Install dependencies
+        run: sudo python3 -m pip install yq
 
       - name: Cargo patches
         run: ./test/lint/lint-cargo-patches.sh
diff --git a/test/lint/lint-shell.sh b/test/lint/lint-shell.sh
index a089e6517..5af031045 100755
--- a/test/lint/lint-shell.sh
+++ b/test/lint/lint-shell.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 #
-# Copyright (c) 2018 The Bitcoin Core developers
+# Copyright (c) 2018-2019 The Bitcoin Core developers
 # Copyright (c) 2020-2022 The Zcash developers
 # Distributed under the MIT software license, see the accompanying
 # file COPYING or https://www.opensource.org/licenses/mit-license.php .
@@ -17,16 +17,48 @@ if [ "$TRAVIS" = "true" ]; then
     unset LC_ALL
 fi
 
-if ! command -v shellcheck > /dev/null; then
-    echo "Skipping shell linting since shellcheck is not installed."
-    exit 0
-fi
-
 # Disabled warnings:
 disabled=(
     SC2046 # Quote this to prevent word splitting.
     SC2086 # Double quote to prevent globbing and word splitting.
     SC2162 # read without -r will mangle backslashes.
 )
-shellcheck -e "$(IFS=","; echo "${disabled[*]}")" \
-    $(git ls-files -- "*.sh")
+disabled_gitian=(
+    SC2001 # See if you can use ${variable//search/replace} instead.
+    SC2006 # Use $(...) notation instead of legacy backticked `...`.
+    SC2094 # Make sure not to read and write the same file in the same pipeline.
+    SC2129 # Consider using { cmd1; cmd2; } >> file instead of individual redirects.
+    SC2155 # Declare and assign separately to avoid masking return values.
+    SC2230 # which is non-standard. Use builtin 'command -v' instead.
+)
+
+EXIT_CODE=0
+
+if ! command -v shellcheck > /dev/null; then
+    echo "Skipping shell linting since shellcheck is not installed."
+    exit $EXIT_CODE
+fi
+
+EXCLUDE="--exclude=$(IFS=','; echo "${disabled[*]}")"
+if ! shellcheck "$EXCLUDE" $(git ls-files -- '*.sh' | grep -vE 'src/(leveldb|secp256k1|univalue)/'); then
+    EXIT_CODE=1
+fi
+
+if ! command -v yq > /dev/null; then
+    echo "Skipping Gitian desriptor scripts checking since yq is not installed."
+    exit $EXIT_CODE
+fi
+
+EXCLUDE_GITIAN=${EXCLUDE}",$(IFS=','; echo "${disabled_gitian[*]}")"
+for descriptor in $(git ls-files -- 'contrib/gitian-descriptors/*.yml')
+do
+    echo
+    echo "$descriptor"
+    # Use #!/bin/bash as gitian-builder/bin/gbuild does to complete a script.
+    SCRIPT=$'#!/bin/bash\n'$(yq -r .script "$descriptor")
+    if ! echo "$SCRIPT" | shellcheck "$EXCLUDE_GITIAN" -; then
+        EXIT_CODE=1
+    fi
+done
+
+exit $EXIT_CODE