diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 0f47a0639..816435953 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -15,6 +15,10 @@ jobs:
 go-version: ${{ matrix.go-version }}
 - name: Checkout code
 uses: actions/checkout@v2
+ - name: Run Snyk to check for vulnerabilities
+ uses: snyk/actions/golang@master
+ env:
+ SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
 - name: Test
 run: make
 env:
diff --git a/Makefile b/Makefile
index 5e27c7746..0dbbfe07b 100755
--- a/Makefile
+++ b/Makefile
@@ -4,7 +4,7 @@ TEST?=./...
 .DEFAULT_GOAL := ci
-ci:: docker deps snyk clean bin test pact goveralls
+ci:: docker deps clean bin test pact goveralls
 docker:
 @echo "--- 🛠 Starting docker"
@@ -21,7 +21,7 @@ bin:
 clean:
 rm -rf build output dist examples/v3/pacts
-deps: snyk-install
+deps:
 @echo "--- 🐿 Fetching build dependencies "
 go get github.com/axw/gocov/gocov
 go get github.com/mattn/goveralls
@@ -83,17 +83,6 @@ testrace:
 updatedeps:
 go get -d -v -p 2 ./...
-snyk-install:
- ifeq (, $(shell which snyk))
- npm i snyk
- endif
-
-snyk:
- # only run on CI, but don't do for PRs because tokens aren't available
- @if [ "$$GITHUB_HEAD_REF" = "" -a "$$GITHUB_REF" != "" ]; then\
- npx snyk test; \
- fi
-
 rust:
 cd ~/development/public/pact-reference/rust; \
 cargo build; \
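Review bot: The added step's `uses: snyk/actions/golang@master` tracks a mutable branch, so whatever lands on that branch later runs in this job with `SNYK_TOKEN` in its environment; pin it to a reviewed full commit SHA, e.g. `uses: snyk/actions/golang@<full-commit-sha>` (placeholder, to be filled in after review). The Makefile target removed by this same commit skipped the scan on pull requests because the token is not available there, while the new step carries no condition, so on fork pull requests the secret is presumably empty and the step, which sits before `Test`, would fail the job before any test runs. A guard such as `if: github.event_name != 'pull_request'` on the step would keep the old behaviour. The workflow's triggers and the matrix definition lie outside this hunk, so both should be confirmed; if the job fans out per `go-version`, the scan and the token exposure also repeat for every matrix entry.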