diff --git a/.snyk b/.snyk
new file mode 100644
index 0000000..fcd2156
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,10 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.14.1
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  SNYK-JS-LODASH-567746:
+    - '@gapi/sequelize > sequelize > lodash':
+        patched: '2020-05-01T01:33:34.252Z'
+    - '@gapi/core > @rxdi/graphql-pubsub > @rxdi/graphql-rabbitmq-subscriptions > async > lodash':
+        patched: '2020-05-01T01:33:34.252Z'
diff --git a/package.json b/package.json
index bc6ac74..8860308 100644
--- a/package.json
+++ b/package.json
@@ -16,7 +16,9 @@
     "pretest": "npm run lint",
     "lint": "tslint -c tslint.json 'src/**/*.{ts,tsx}'",
     "test": "gapi test --before",
-    "test-watch": "gapi test --before && gapi test --watch"
+    "test-watch": "gapi test --before && gapi test --watch",
+    "snyk-protect": "snyk protect",
+    "prepublish": "npm run snyk-protect"
   },
   "author": "Kristiyan Tachev",
   "license": "MIT",
@@ -25,7 +27,8 @@
     "@gapi/core": "^1.8.22",
     "graphql": "^14.5.8",
     "@gapi/sequelize": "^1.8.22",
-    "pg": "^6.4.2"
+    "pg": "^6.4.2",
+    "snyk": "^1.316.1"
   },
   "devDependencies": {
     "@types/jest": "^22.2.0",
@@ -75,5 +78,6 @@
     "testRegex": "/src/.*\\.spec.(ts|tsx|js)$",
     "verbose": true,
     "collectCoverage": true
-  }
+  },
+  "snyk": true
 }