diff --git a/.github/workflows/on-push-feature-branch.yaml b/.github/workflows/on-push-feature-branch.yaml index 3a2f65d3..8554cf96 100644 --- a/.github/workflows/on-push-feature-branch.yaml +++ b/.github/workflows/on-push-feature-branch.yaml @@ -10,3 +10,5 @@ on: jobs: tests: uses: ./.github/workflows/tests.yaml + secrets: + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} diff --git a/.github/workflows/on-push-main-branch.yaml b/.github/workflows/on-push-main-branch.yaml index 97f11aea..03ac5fc3 100644 --- a/.github/workflows/on-push-main-branch.yaml +++ b/.github/workflows/on-push-main-branch.yaml @@ -10,6 +10,8 @@ on: jobs: tests: uses: ./.github/workflows/tests.yaml + secrets: + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} generate-changelog: needs: tests 
@@ -35,3 +37,58 @@ jobs: radix-environment: 'test' secrets: APP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.APP_SERVICE_ACCOUNT_TOKEN }} + + + snyk-monitoring-python: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@master + - name: Run Snyk to monitor for python vulnerabilities + uses: snyk/actions/python-3.10@master + env: + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + with: + command: monitor + args: --severity-threshold=high --file=api/pyproject.toml + + snyk-monitoring-node: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@master + - name: Run Snyk to monitor for node vulnerabilities + uses: snyk/actions/node@master + env: + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + with: + command: monitor + args: --severity-threshold=high --file=web/package.json + + snyk-monitor-web-container: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - name: Build a Docker image + run: docker build -t web ./web + - name: Run Snyk to check Docker image for vulnerabilities + uses: snyk/actions/docker@master + env: + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + with: + image: web + command: monitor + args: --file=./web/Dockerfile + + snuyk-monitor-api-container: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - name: Build a Docker image + run: docker build -t api ./api + - name: Run Snyk to check Docker image for vulnerabilities + uses: snyk/actions/docker@master + env: + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + with: + image: web + command: monitor + args: --file=./api/Dockerfile \ No newline at end of file diff --git a/.github/workflows/release-production.yaml b/.github/workflows/release-production.yaml index 1e4bdd56..c5310d0f 100644 --- a/.github/workflows/release-production.yaml +++ b/.github/workflows/release-production.yaml @@ -10,6 +10,8 @@ on: jobs: tests: uses: ./.github/workflows/tests.yaml + secrets: + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} publish-production: needs: tests 
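Review bot: The `snuyk-monitor-api-container` job builds the image tagged `api` but then hands `image: web` to the Snyk docker step, so the API container is never monitored and the web image is reported twice; change it to `image: api` and fix the job id to `snyk-monitor-api-container`. Every third-party action reference in these four jobs floats on a branch (`snyk/actions/*@master`, `actions/checkout@master`, with an inconsistent `actions/checkout@v2` in the container jobs) while the steps receive `SNYK_TOKEN`, so a compromised or rewritten branch of those repositories would run with the token; pin each `uses:` to a full commit SHA (keeping the tag in a trailing comment) and use one checkout version throughout. These jobs only need to read the tree, so adding `permissions: contents: read` to each would keep the GITHUB_TOKEN grant minimal whatever the repository default is. The file also loses its trailing newline at the end of this hunk.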
diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index ce2e3bf9..8a732deb 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -8,6 +8,9 @@ on: CR_SECRET: description: "Secret to authenticate if using an other container registry than Github" required: false + SNYK_TOKEN: + description: "Token used to authenticate with Snyk" + required: true env: IMAGE_REGISTRY: ghcr.io @@ -50,6 +53,14 @@ jobs: docker pull $API_IMAGE docker build --target development --tag api-development ./api # TODO: --cache-from $API_IMAGE + - name: Run Snyk to check Docker image for vulnerabilities + uses: snyk/actions/docker@master + env: + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + with: + image: api-development + args: --file=api/Dockerfile + - name: BDD Integration tests if: ${{ false }} # disable for now run: docker-compose -f docker-compose.yml -f docker-compose.ci.yml run api behave 
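Review bot: The Snyk docker step added after the `api-development` build runs the default `test` command with no `--severity-threshold`, so a finding of any severity in the base image fails the `tests` job and with it every caller workflow, whereas the web step in the same file is gated at `high`; if that is not intended, use `args: --severity-threshold=high --file=api/Dockerfile` so the two image scans behave the same. `snyk/actions/docker@master` is a floating branch reference on a third-party action that is given `SNYK_TOKEN`; pin it to a commit SHA. Declaring the secret `required: true` at the top of the file means every caller of tests.yaml now fails validation unless it passes `SNYK_TOKEN`, which the three callers in this change do, but that contract is worth a sentence in the description. The enclosing job starts before this hunk.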
@@ -68,6 +79,42 @@ jobs: docker pull $WEB_IMAGE docker build --cache-from $WEB_IMAGE --target development --tag web-dev ./web + - name: Run Snyk to check Docker image for vulnerabilities + uses: snyk/actions/docker@master + env: + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + with: + image: web-dev + args: --severity-threshold=high --file=web/Dockerfile + + + python-security-scan: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@master + - name: Run Snyk to check for Python vulnerabilities + uses: snyk/actions/python-3.10@master + env: + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + with: + args: --severity-threshold=high --file=api/pyproject.toml + + node-security-scan: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@master + - name: Install dependencies + working-directory: ./web + run: | + npm install + - name: Run Snyk to check for Node vulnerabilities + uses: snyk/actions/node@master + env: + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + with: + args: --severity-threshold=high --file=web/package.json + + test-docs: name: test-docs runs-on: ubuntu-latest
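Review bot: `python-security-scan` runs the Snyk Python action straight after checkout without installing the project, while `node-security-scan` runs `npm install` first; whether Snyk can resolve `api/pyproject.toml` without an installed environment depends on the project format (a committed `poetry.lock` should be enough, a plain pip layout is not), so confirm that or add the equivalent install step so both jobs scan the same thing CI builds. In `node-security-scan`, `npm install` may rewrite the lockfile and resolve newer versions than the app ships with; `npm ci` installs exactly the lockfile and fails on drift, which is what a scan meant to reflect the deployed dependency set needs. Every new `uses:` here (`actions/checkout@master`, `snyk/actions/python-3.10@master`, `snyk/actions/node@master`) floats on a branch while receiving `SNYK_TOKEN`; pin them to commit SHAs. The web Snyk step belongs to a job whose start is outside the hunk.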