diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml
new file mode 100644
index 0000000000000..824d888b1af3c
--- /dev/null
+++ b/.github/workflows/snyk.yml
@@ -0,0 +1,54 @@
+name: Snyk SBOM CI
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+
+jobs:
+  snyk_scans:
+
+    runs-on: ubuntu-latest
+
+    steps:
+
+      - uses: actions/checkout@v3
+      - name: Run Snyk to check for vulnerabilities - sarif output
+        continue-on-error: true
+        uses: snyk/actions/golang@master
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          command: test
+          args:  --all-projects --sarif-file-output=${{ github.event.repository.name }}.sarif --strict-out-of-sync=false
+
+      - name: Run Snyk to check for vulnerabilities - json output
+        continue-on-error: true
+        uses: snyk/actions/golang@master
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          command: test
+          args: --json --all-projects --json-file-output=${{ github.event.repository.name }}.json  --strict-out-of-sync=false
+
+      - name: install snyk-to-html
+        run: |
+          npm install snyk-to-html snyk2spdx snyk -g
+          snyk auth ${{ secrets.SNYK_TOKEN }}
+          snyk-to-html -i ${{ github.event.repository.name }}.json -o ${{ github.event.repository.name }}.html
+          snyk test --json --strict-out-of-sync=false | snyk2spdx --output ${{ github.event.repository.name }}.spdx
+
+      - name: Upload result to GitHub Code Scanning
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: ${{ github.event.repository.name }}.sarif
+
+      - name: Create results dir
+        run: mkdir -p snyk_scans && cp -v ${{ github.event.repository.name }}.{html,json,sarif,spdx} snyk_scans/
+
+      - name: Use the Upload Artifact GitHub Action
+        uses: actions/upload-artifact@v2
+        with:
+          name: snyk_scans
+          path: snyk_scans