diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
new file mode 100644
index 0000000000..b56803c8f0
--- /dev/null
+++ b/.github/workflows/main.yml
@@ -0,0 +1,11 @@
+name: Example workflow for Maven using Snyk
+on: push
+jobs:
+ security:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@master
+ - name: Run Snyk to check for vulnerabilities
+ uses: snyk/actions/maven@master
+ env:
+ SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
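Review bot: Both `uses:` lines reference the mutable `@master` branch, and the second step, `snyk/actions/maven@master`, runs with `SNYK_TOKEN` in its environment. Whatever that branch points to at run time executes with the secret on every push. Pin each action to a reviewed full commit SHA, for example `uses: snyk/actions/maven@<full-commit-sha>  # <release tag>`, and do the same for `actions/checkout`. The job also sets no `permissions:` key, so the `GITHUB_TOKEN` gets the repository default scope. A workflow-level `permissions:` block with `contents: read` would limit it to what checkout needs for a scan.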
diff --git a/README.md b/README.md
index 9e47442aab..6620af47ec 100644
--- a/README.md
+++ b/README.md
@@ -1,9 +1,9 @@
## Java Goof
-This is a collection of Java demo apps that are vulnerable in different ways.
+This is a collection of Java demo apps that are vulnerable in different ways..
It's divided into modules, each one having its own README:
* [Todolist Goof](todolist-goof/README.md)
* [Log4Shell Goof](log4shell-goof/README.md)
-* [Quickstart for running both Todolist with Log4Shell in Kubernetes](README-K8S.md)
\ No newline at end of file
+* [Quickstart for running both Todolist with Log4Shell in Kubernetes](README-K8S.md)
diff --git a/todolist-goof/Dockerfile b/todolist-goof/Dockerfile
index 3d4c4fdfda..928577a7de 100644
--- a/todolist-goof/Dockerfile
+++ b/todolist-goof/Dockerfile
@@ -10,7 +10,7 @@ COPY todolist-web-common todolist-web-common
COPY todolist-web-struts todolist-web-struts
RUN --mount=target=$HOME/.m2,type=cache mvn install
-FROM tomcat:8.5.21
+FROM tomcat:9.0.95-jdk8-corretto-al2
RUN mkdir /tmp/extracted_files
COPY web.xml /usr/local/tomcat/conf/web.xml
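Review bot: The new runtime base `tomcat:9.0.95-jdk8-corretto-al2` is referenced by tag only, so the image content can change under the same name between builds. Appending a digest, as in `FROM tomcat:9.0.95-jdk8-corretto-al2@sha256:<image-digest>`, makes the build reproducible and gives the image scanner a fixed target. The stage still overwrites `/usr/local/tomcat/conf/web.xml` with the repository's own file, which was presumably written against 8.5.21. It is not visible in this hunk, so it should be compared with the 9.0 default to confirm no servlet or security-constraint defaults are lost. The rest of the Dockerfile is outside the hunk.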
diff --git a/todolist-goof/todolist-web-struts/pom.xml b/todolist-goof/todolist-web-struts/pom.xml
index e58874f827..f64788a41d 100644
--- a/todolist-goof/todolist-web-struts/pom.xml
+++ b/todolist-goof/todolist-web-struts/pom.xml
@@ -27,7 +27,7 @@
org.apache.logging.log4j
log4j-core
- 2.7
+ 2.12.2
org.apache.logging.log4j