diff --git a/lib/api/.snyk b/lib/api/.snyk
new file mode 100644
index 000000000000..88a77af18bce
--- /dev/null
+++ b/lib/api/.snyk
@@ -0,0 +1,14 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.14.1
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  SNYK-JS-LODASH-567746:
+    - lodash:
+        patched: '2020-05-01T01:27:41.537Z'
+    - telejson > lodash:
+        patched: '2020-05-01T01:27:41.537Z'
+    - '@storybook/theming > @emotion/styled > babel-plugin-emotion > @babel/helper-module-imports > @babel/types > lodash':
+        patched: '2020-05-01T01:27:41.537Z'
+    - '@storybook/theming > @emotion/core > @emotion/css > babel-plugin-emotion > @babel/helper-module-imports > @babel/types > lodash':
+        patched: '2020-05-01T01:27:41.537Z'
diff --git a/lib/api/package.json b/lib/api/package.json
index 3b0d6736bb5d..6e514cebeffb 100644
--- a/lib/api/package.json
+++ b/lib/api/package.json
@@ -17,7 +17,8 @@
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
   "scripts": {
-    "prepare": "node ./scripts/generateVersion.js && node ../../scripts/prepare.js"
+    "prepare": "npm run snyk-protect && node ./scripts/generateVersion.js && node ../../scripts/prepare.js",
+    "snyk-protect": "snyk protect"
   },
   "dependencies": {
     "@storybook/channels": "5.2.0-beta.18",
@@ -36,7 +37,8 @@
     "shallow-equal": "^1.1.0",
     "store2": "^2.7.1",
     "telejson": "^2.2.2",
-    "util-deprecate": "^1.0.2"
+    "util-deprecate": "^1.0.2",
+    "snyk": "^1.316.1"
   },
   "devDependencies": {
     "@types/lodash": "^4.14.129",
@@ -44,5 +46,6 @@
   },
   "publishConfig": {
     "access": "public"
-  }
+  },
+  "snyk": true
 }