diff --git a/scripts/test-kubeval-validation b/scripts/test-kubeval-validation
new file mode 100755
index 0000000..fa62a52
--- /dev/null
+++ b/scripts/test-kubeval-validation
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -o errexit
+trap 'echo "Aborting due to errexit on line $LINENO. Exit code: $?" >&2' ERR
+set -o errtrace
+set -o pipefail
+
+# In CI test changes only
+if [ ! -z "$PULL_BASE_SHA" ] && [ ! -z "$PULL_PULL_SHA" ]; then
+    echo "Checking changes in range $PULL_BASE_SHA..$PULL_PULL_SHA only."
+    bases=$(git diff --name-status $PULL_BASE_SHA $PULL_PULL_SHA | grep -Po "^[^DR]\s+\K.*?(?=/)|^R\w*\s+.*\s+\K.*?(?=/)" | sort | uniq)
+else
+    echo "Checking all overlays."
+    bases="."
+fi
+
+# Let's ignore the secrets...
+
+export KUSTOMIZE_PLUGIN_HOME=/tmp/new_plugin_dir
+
+mkdir -p $KUSTOMIZE_PLUGIN_HOME/viaduct.ai/v1/ksops/
+echo '#!/bin/sh' >$KUSTOMIZE_PLUGIN_HOME/viaduct.ai/v1/ksops/ksops
+chmod +x $KUSTOMIZE_PLUGIN_HOME/viaduct.ai/v1/ksops/ksops
+
+# User can specify custom include/exclude regex
+if [ -z "$INCLUDE" ]; then
+    INCLUDE=".*/overlays/.*kustomization.yaml"
+fi
+if [ -z "$EXCLUDE" ]; then
+    EXCLUDE="*odh-manifests*"
+fi
+# and check all the sub directories with manifests...
+k=$(for i in $(echo "$bases"); do find $i -regex "$INCLUDE"; done)
+
+for d in $k; do
+    if [[ $(dirname $d) == $EXCLUDE ]]; then
+        echo skipping $(dirname $d)
+        continue
+    fi
+
+    echo checking $(dirname $d)
+    kustomize build --enable-alpha-plugins $(dirname $d) | kubeval --strict --ignore-missing-schemas --schema-location=https://raw.githubusercontent.com/operate-first/schema-store/main/schemas 2>&1
+done
+
+#end.