diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 2e811d52..84caf522 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -42,10 +42,20 @@ jobs:
           -covermode=atomic \
           ./...
 
-      # We run this here to use the caching of the previous steps
-      - if: github.event_name == 'push'
-        name: Build final image
-        run: docker build .
+      - name: Code security analysis
+        uses: snyk/actions/golang@master
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+
+      - name: Build final image
+        run: docker build -t final-image .
+
+      - name: Image security analysis
+        uses: snyk/actions/docker@master
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          image: final-image
 
   publish:
     needs: [verify]