diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index 1a1da8c9f..a1b487e5c 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -7,7 +7,7 @@ jobs:
   run-tox-env:
     strategy:
       matrix:
-        toxenv: [mypy, twine-check]
+        toxenv: [mypy, twine-check, check-sdist]
         py: ["3.x"]
         include:
           - toxenv: py-mindeps
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 2771349f9..a24d87001 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -17,6 +17,8 @@ Unreleased
   all errors are reported but the checked filenames are no longer displayed. The
   list of filenames checked is now emitted at the second verbosity level (`-vv`)
   and above. (:issue:`648`)
+- `check-jsonschema`'s sdist contents are now validated with `check-sdist`, and missing
+  files have been added.
 
 0.36.2
 ------
diff --git a/MANIFEST.in b/MANIFEST.in
index 93707e5aa..0affc1f25 100644
--- a/MANIFEST.in
+++ b/MANIFEST.in
@@ -2,12 +2,14 @@
 
 # data files in the distribution
 include src/check_jsonschema/builtin_schemas/vendor/*
+include src/check_jsonschema/builtin_schemas/vendor/licenses/*
+include src/check_jsonschema/builtin_schemas/vendor/sha256/*
 include src/check_jsonschema/builtin_schemas/custom/*.json
 
 ## Testing Requirements
 
 # include all test files and test data files
-recursive-include tests *.py *.json *.yaml *.yml *.json5 *.toml
+recursive-include tests *.py *.json *.yaml *.yml *.json5 *.toml *.cff
 
 # the test runner
 include tox.ini
@@ -15,3 +17,11 @@ include tox.ini
 # needed as a data file for the tests (several tests check integrity
 # against this file)
 include .pre-commit-hooks.yaml
+
+# tools, automation, and project maintenance
+include CHANGELOG.rst
+include CONTRIBUTING.md
+include justfile
+include scripts/*.py
+include .coveragerc
+include .flake8
diff --git a/pyproject.toml b/pyproject.toml
index 0df83f174..3da65d4ea 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -16,6 +16,11 @@ docs = [
     "sphinx-issues<6",
     "furo==2025.12.19",
 ]
+check-package-metadata = [
+    "build",
+    "twine",
+    "check-sdist",
+]
 
 [project]
 name = "check-jsonschema"
@@ -57,6 +62,9 @@ include-package-data = true
 where = ["src"]
 namespaces = false
 
+[tool.check-sdist]
+git-only = ["RELEASING.md", ".gitignore", "docs/*"]
+
 [tool.isort]
 profile = "black"
 
diff --git a/tox.ini b/tox.ini
index de5e33b1b..f079cc78b 100644
--- a/tox.ini
+++ b/tox.ini
@@ -81,16 +81,21 @@ commands_pre = rm -rf _build/
 commands = sphinx-build -d _build/doctrees -b dirhtml -W . _build/dirhtml {posargs}
 
 [testenv:twine-check]
-description = "check the metadata on a package build"
+description = "check the metadata on a package build using twine"
 skip_install = true
-deps = twine
-       build
+dependency_groups = check-package-metadata
 allowlist_externals = rm
 commands_pre = rm -rf dist/
 # check that twine validating package data works
 commands = python -m build
            twine check dist/*
 
+[testenv:check-sdist]
+description = "check the package contents using check-sdist"
+skip_install = true
+dependency_groups = check-package-metadata
+commands = check-sdist --inject-junk
+
 [testenv:vendor-schemas]
 description = "update the vendored schemas"
 deps = pre-commit