diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 3b99a6c3..806f016d 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -21,7 +21,7 @@ jobs:
         with:
           cache: 'yarn'
           cache-dependency-path: 'cdk/yarn.lock'
-          node-version-file: 'cdk/.nvmrc'
+          node-version-file: '.nvmrc'
       - uses: actions/setup-java@v2
         with:
           java-version: '11'
diff --git a/.github/workflows/snyk.yaml b/.github/workflows/snyk.yaml
new file mode 100644
index 00000000..5eaa203a
--- /dev/null
+++ b/.github/workflows/snyk.yaml
@@ -0,0 +1,18 @@
+name: Snyk
+
+on:
+  schedule:
+    - cron: '0 6 * * *'
+  push:
+    branches:
+      - main
+  pull_request:    
+  workflow_dispatch:
+
+jobs:
+  security:
+    uses: guardian/.github/.github/workflows/sbt-node-snyk.yml@main
+    with:
+      ORG: 'guardian-devtools'
+    secrets:
+       SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
diff --git a/cdk/.nvmrc b/.nvmrc
similarity index 100%
rename from cdk/.nvmrc
rename to .nvmrc
diff --git a/project/plugins.sbt b/project/plugins.sbt
index 6bc60bf0..dde9f44d 100644
--- a/project/plugins.sbt
+++ b/project/plugins.sbt
@@ -4,3 +4,4 @@ addSbtPlugin("com.typesafe.sbt" % "sbt-native-packager" % "1.8.0")
 addSbtPlugin("com.gu" % "sbt-riffraff-artifact" % "1.1.18")
 libraryDependencies += "org.vafer" % "jdeb" % "1.3" artifacts Artifact("jdeb", "jar", "jar")
 addSbtPlugin("com.eed3si9n" % "sbt-buildinfo" % "0.7.0")
+addSbtPlugin("net.virtual-void" % "sbt-dependency-graph" % "0.10.0-RC1")