diff --git a/.github/workflows/python-app.yml b/.github/workflows/python-app.yml
index 900cdd1aef..158c841c4d 100644
--- a/.github/workflows/python-app.yml
+++ b/.github/workflows/python-app.yml
@@ -13,7 +13,7 @@ permissions:
 contents: read
 jobs:
- lint-test:
+ lint-test-snyk:
 runs-on: ubuntu-latest
@@ -47,9 +47,16 @@ jobs:
 run: |
 pytest
+ - name: Check for vulnerabilities with Snyk (python 3.10)
+ uses: snyk/actions/python-3.10@master
+ with:
+ args: app_python/
+ env:
+ SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+
 docker-build-push:
- needs: [ lint-test ]
+ needs: [ lint-test-snyk ]
 runs-on: ubuntu-latest
diff --git a/app_python/README.md b/app_python/README.md
index 221ad9514d..e6ec6b72e1 100644
--- a/app_python/README.md
+++ b/app_python/README.md
@@ -65,6 +65,6 @@ To run unit tests:
 ## CI
 On every push to the repository that changes files under `app_python/`,
-the code is linted and tested, on success, an image is built and published
-in DockerHub under the name `kolay0ne/app_py` with a tag matching the branch
-name.
+the code is linted and tested, and checked for vulnerabilities. On success,
+an image is built and published in DockerHub under the name `kolay0ne/app_py`
+with a tag matching the branch name.
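Review bot: The new Snyk step references a third-party action by the mutable `@master` ref, so any push to (or compromise of) the snyk/actions repository silently changes the code that runs with `SNYK_TOKEN` and a checkout of this repo in the `lint-test-snyk` job; pin it to a full commit SHA and record the tag in a trailing comment, e.g. `uses: snyk/actions/python-3.10@<40-hex commit SHA>  # vX.Y.Z`, and let Dependabot or Renovate bump it. The action also runs inside its own Python 3.10 container rather than the interpreter configured by the setup-python step earlier in the job (outside this hunk), so its dependency resolution can differ from what pytest just tested unless the two versions are kept in sync. If the workflow's `on:` triggers (not visible here) include pull requests from forks, `secrets.SNYK_TOKEN` is empty in those runs and the step will fail rather than skip; consider guarding the step with a condition on the event so that external contributors are not blocked by a scan they cannot run. Finally, with no `--severity-threshold` in `args` any low-severity finding blocks the Docker build, which may be intended but is worth stating in the README sentence this commit also touches.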