diff --git a/.github/workflows/on-push-feature-branch.yaml b/.github/workflows/on-push-feature-branch.yaml
index 3a2f65d3..8554cf96 100644
--- a/.github/workflows/on-push-feature-branch.yaml
+++ b/.github/workflows/on-push-feature-branch.yaml
@@ -10,3 +10,5 @@ on:
 jobs:
   tests:
     uses: ./.github/workflows/tests.yaml
+    secrets:
+      SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
diff --git a/.github/workflows/on-push-main-branch.yaml b/.github/workflows/on-push-main-branch.yaml
index 97f11aea..8063f943 100644
--- a/.github/workflows/on-push-main-branch.yaml
+++ b/.github/workflows/on-push-main-branch.yaml
@@ -10,6 +10,8 @@ on:
 jobs:
   tests:
     uses: ./.github/workflows/tests.yaml
+    secrets:
+      SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
 
   generate-changelog:
     needs: tests
diff --git a/.github/workflows/release-production.yaml b/.github/workflows/release-production.yaml
index 1e4bdd56..c5310d0f 100644
--- a/.github/workflows/release-production.yaml
+++ b/.github/workflows/release-production.yaml
@@ -10,6 +10,8 @@ on:
 jobs:
   tests:
     uses: ./.github/workflows/tests.yaml
+    secrets:
+      SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
 
   publish-production:
     needs: tests
diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml
index ce2e3bf9..16edc7be 100644
--- a/.github/workflows/tests.yaml
+++ b/.github/workflows/tests.yaml
@@ -8,6 +8,9 @@ on:
       CR_SECRET:
         description: "Secret to authenticate if using an other container registry than Github"
         required: false
+      SNYK_TOKEN:
+        description: "Token used to authenticate with Snyk"
+        required: true
 
 env:
   IMAGE_REGISTRY: ghcr.io
@@ -50,6 +53,11 @@ jobs:
           docker pull $API_IMAGE
           docker build --target development --tag api-development ./api # TODO: --cache-from $API_IMAGE
 
+      - name: Container security scan with Snyk
+        run: |
+          apt install docker-scan-plugin
+          docker scan api-development
+
       - name: BDD Integration tests
         if: ${{ false }} # disable for now
         run: docker-compose -f docker-compose.yml -f docker-compose.ci.yml run api behave
@@ -68,6 +76,32 @@ jobs:
           docker pull $WEB_IMAGE
           docker build --cache-from $WEB_IMAGE --target development --tag web-dev ./web
 
+      - name: Container security scan with Snyk
+        run: |
+          apt install docker-scan-plugin
+          docker scan web-dev
+          
+
+  python-security-scan:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@master
+      - name: Run Snyk to check for Python vulnerabilities
+        uses: snyk/actions/python@master
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          args: --severity-threshold=high
+
+  node-security-scan:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@master
+      - name: Run Snyk to check for Node vulnerabilities
+        uses: snyk/actions/node@master
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+
   test-docs:
     name: test-docs
     runs-on: ubuntu-latest