diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml
new file mode 100644
index 0000000..95cc952
--- /dev/null
+++ b/.github/workflows/snyk.yml
@@ -0,0 +1,18 @@
+name: Snyk
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+jobs:
+  security:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@master
+      - uses: snyk/actions/setup@master
+      - name: update lockfile
+        run: ./update-gemfile-lock.sh
+      - name: Run Snyk to check for vulnerabilities
+        run: snyk monitor --file=Gemfile.lock
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_DIO_KEY }}
diff --git a/update-gemfile-lock.sh b/update-gemfile-lock.sh
index 528add0..0cadbec 100755
--- a/update-gemfile-lock.sh
+++ b/update-gemfile-lock.sh
@@ -3,4 +3,4 @@ docker run -it --rm \
   -v $(pwd):/app \
   $(grep ^FROM docker/Dockerfile |cut -d ' ' -f2) \
-  /bin/bash -c 'apt-get update -qq && apt-get install -y --no-install-recommends make && cd /app && gem install bundler && bundle install --jobs 3 && bundle update; echo "LOCK_FILE_UPDATE_EXIT_CODE=$?"'
+  /bin/bash -c 'cd /app && gem install bundler && bundle lock --update; echo "LOCK_FILE_UPDATE_EXIT_CODE=$?"'
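Review bot: Both action references in the steps are floating branch pointers, `actions/checkout@master` and `snyk/actions/setup@master`, so every run executes whatever those branches hold at that moment, and a force-pushed or compromised upstream is pulled straight into a job that holds `SNYK_TOKEN`; pin each to a full commit SHA with the tag in a trailing comment, e.g. `- uses: actions/checkout@<full-commit-sha>  # vN`. The workflow also declares no `permissions:` block, so the job token receives the repository default even though these steps only read the checkout; a top-level `permissions:` with `contents: read` would scope it. Note that `snyk monitor` uploads a dependency snapshot and exits successfully regardless of findings, so if this workflow is meant to gate pushes to main a `snyk test --file=Gemfile.lock` step would be needed alongside it.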
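Review bot: The trailing `; echo "LOCK_FILE_UPDATE_EXIT_CODE=$?"` in the new `bash -c` string makes the container exit with echo's status, so a failed `bundle lock --update` still returns 0 from `docker run`, the `update lockfile` step in the new workflow passes, and Snyk then scans a stale Gemfile.lock; capture and propagate the code instead, e.g. `bundle lock --update; rc=$?; echo "LOCK_FILE_UPDATE_EXIT_CODE=$rc"; exit $rc`. The `docker run -it` visible in the hunk's context header requests a TTY, which a CI runner does not provide, so the step is likely to abort with a TTY error when invoked from the workflow; `-i` alone (or neither flag) is enough for a non-interactive run, and that line starts outside the hunk. `gem install bundler` also installs whatever bundler version is current at run time, so the regenerated lockfile can drift between runs; pinning the bundler version would make the result reproducible.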