diff --git a/.github/workflows/scheduled_snyk.yaml b/.github/workflows/scheduled_snyk.yaml
new file mode 100644
index 00000000..136eae62
--- /dev/null
+++ b/.github/workflows/scheduled_snyk.yaml
@@ -0,0 +1,45 @@
+name: Snyk scheduled test
+on:
+  schedule:
+    - cron: '0 2 * * 1'
+  push:
+    branches:
+      - main
+
+jobs:
+  security:
+    runs-on: ubuntu-latest
+    env:
+      REPORT_FILE: test.json
+    steps:
+      - uses: actions/checkout@v3
+      - uses: snyk/actions/setup@master
+        with:
+          snyk-version: v1.1032.0
+
+      - uses: actions/setup-java@v3
+        with:
+          distribution: temurin
+          java-version: 17
+
+      - name: Setup Gradle
+        uses: gradle/gradle-build-action@v2
+
+      - name: Run Snyk
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        run: >
+          snyk test
+          --configuration-matching='^runtimeClasspath$'
+          --fail-on=upgradable
+          --json-file-output=${{ env.REPORT_FILE }}
+          --org=radar-base
+          --policy-path=$PWD/.snyk
+
+      - name: Report new vulnerabilities
+        uses: thehyve/report-vulnerability@master
+        if: success() || failure()
+        with:
+          report-file: ${{ env.REPORT_FILE }}
+        env:
+          TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/snyk.yaml b/.github/workflows/snyk.yaml
new file mode 100644
index 00000000..7187be66
--- /dev/null
+++ b/.github/workflows/snyk.yaml
@@ -0,0 +1,33 @@
+name: Snyk test
+on:
+  pull_request:
+    branches: [ main, dev ]
+
+jobs:
+  security:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: snyk/actions/setup@master
+        with:
+          snyk-version: v1.1032.0
+
+      - uses: actions/setup-java@v3
+        with:
+          distribution: temurin
+          java-version: 17
+
+      - name: Setup Gradle
+        uses: gradle/gradle-build-action@v2
+
+      - name: Run Snyk to check for vulnerabilities
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        run: >
+            snyk test
+            --configuration-matching="^runtimeClasspath$"
+            --org=radar-base
+            --policy-path=.snyk
+            --all-projects
+            --fail-on=upgradable
+            --severity-threshold=high
diff --git a/.snyk b/.snyk
new file mode 100644
index 00000000..2b62034f
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,5 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.25.0
+# ignores vulnerabilities until expiry date; change duration by modifying expiry date
+ignore:
+patch: {}