diff --git a/.github/workflows/snyk-scan.yml b/.github/workflows/snyk-scan.yml
index cf8a0ba..9351c43 100644
--- a/.github/workflows/snyk-scan.yml
+++ b/.github/workflows/snyk-scan.yml
@@ -7,6 +7,8 @@ on:
 branches: ["main" ]
 pull_request:
 branches: ["main"]
+ schedule: # Run snyk scan daily at midnight
+ - cron: '0 0 * * *'
 
 permissions:
 contents: read
@@ -40,4 +42,7 @@ jobs:
 env:
 SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
 with:
- args: --severity-threshold=critical # Forces fail on critical-severity vulnerabilities
+ args:
+ --sarif-file-output=snyk.sarif
+ --policy-path=.snyk
+ --severity-threshold=high # Forces fail on high-severity vulnerabilities
diff --git a/.snyk b/.snyk
new file mode 100644
index 0000000..f2a3480
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,6 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.22.1
+
+ignore: {}
+
+patch: {}
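Review bot: The new `--sarif-file-output=snyk.sarif` argument writes a SARIF report into the runner workspace, but nothing in this hunk consumes it, and the visible `permissions:` block grants only `contents: read`, so if a later upload step exists (outside the hunk) it would need `security-events: write` to publish the results. Because `--severity-threshold=high` now fails the step on any high finding, a subsequent upload step would also be skipped on exactly the runs that matter unless the scan step carries `continue-on-error: true` or the upload step uses `if: always()`. Separately, `args:` is now a multi-line plain scalar that YAML folds into one space-joined string with the trailing `# Forces fail ...` treated as a comment; that is what the action expects, but making the folding explicit with `args: >-` avoids a reader assuming three separate values. The job definition starts outside the hunk.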
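Review bot: Now that the workflow passes `--policy-path=.snyk`, entries added to the empty `ignore: {}` map in this file will silently suppress findings in CI, so the header comment should state the review expectation for them, e.g. `# Every ignore entry must carry a reason and an expires date; changes to this file require security review.` The empty `patch: {}` map is harmless as written. Consider listing this path in CODEOWNERS so suppressions cannot be merged without a second reviewer.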