diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 0000000..8942630
--- /dev/null
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,10 @@
+repos:
+  - repo: local
+    hooks:
+      - id: check_has_test
+        name: check_has_test.sh
+        description: Ensure a check has a corresponding test
+        entry: hooks/check_has_test.sh
+        language: script
+        pass_filenames: true
+        files: "^bin/hardening/"
diff --git a/hooks/check_has_test.sh b/hooks/check_has_test.sh
new file mode 100755
index 0000000..fe2c467
--- /dev/null
+++ b/hooks/check_has_test.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+test_path="tests/hardening"
+failure=0
+failed_checks=""
+
+for check in "$@"; do
+    base_name=$(basename "$check")
+    if [ ! -f $test_path/"$base_name" ]; then
+        failure=1
+        failed_checks="$failed_checks $base_name"
+    fi
+done
+
+if [ $failure -ne 0 ]; then
+    for check in $failed_checks; do
+        echo "missing file $test_path/$check"
+    done
+fi
+
+exit $failure