diff --git a/.github/workflows/vulnerability-scan.yml b/.github/workflows/vulnerability-scan.yml
new file mode 100644
index 00000000..026e27f7
--- /dev/null
+++ b/.github/workflows/vulnerability-scan.yml
@@ -0,0 +1,17 @@
+name: Vulnerability Scan
+on: pull_request_target
+jobs:
+ security:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@master
+ with:
+ ref: ${{ github.head_ref }}
+ - run: docker build -t privado-main-oss -f Dockerfile .
+ - name: Run Snyk to check for vulnerabilities
+ uses: snyk/actions/docker@master
+ env:
+ SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+ with:
+ image: privado-main-oss
+ args: --severity-threshold=high
\ No newline at end of file
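Review bot: The `on: pull_request_target` trigger combined with `ref: ${{ github.head_ref }}` on the checkout step means the workflow runs with repository secrets available (`SNYK_TOKEN` is exposed in the Snyk step's `env`) while executing `docker build` against a Dockerfile taken from the pull request head, so a contributor-controlled build can run in a trusted context; this is the pattern GitHub's own guidance on `pull_request_target` warns against. The safer shape is `on: pull_request` with a plain `- uses: actions/checkout@<pinned tag or SHA>` and the `with:`/`ref:` lines removed, accepting that `SNYK_TOKEN` will then be unavailable for fork PRs (the Snyk step should be gated or allowed to fail gracefully in that case), or alternatively keep `pull_request_target` but never check out or build the PR head. Separately, both `actions/checkout@master` and `snyk/actions/docker@master` float on a mutable branch; pin them to a release tag or full commit SHA so the job is reproducible and a compromised upstream branch cannot change what runs here. The file also ends without a trailing newline per the hunk's final marker.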