diff --git a/.snyk b/.snyk
new file mode 100644
index 0000000..c09ccaf
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,14 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.22.1
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+ SNYK-JS-LODASH-567746:
+ - tc-bus-api-wrapper > lodash:
+ patched: '2022-03-26T02:37:32.591Z'
+ - tc-core-library-js > lodash:
+ patched: '2022-03-26T02:37:32.591Z'
+ - tc-bus-api-wrapper > tc-core-library-js > lodash:
+ patched: '2022-03-26T02:37:32.591Z'
+ - winston > async > lodash:
+ patched: '2022-03-26T02:37:32.591Z'
diff --git a/package-lock.json b/package-lock.json
index 1e3fdf6..27100b5 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -76,6 +76,11 @@
 "@hapi/hoek": "^9.0.0"
 }
 },
+ "@snyk/protect": {
+ "version": "1.883.0",
+ "resolved": "https://registry.npmjs.org/@snyk/protect/-/protect-1.883.0.tgz",
+ "integrity": "sha512-N/EqG6P/qNYWOfuZAfGS1d7yGwGY4zV7AvKtgTzdhazDt7G/mRLG6czLSWNWGEFYBiMsYRVPHdc5It3bjhmIGw=="
+ },
 "@tokenizer/token": {
 "version": "0.1.1",
 "resolved": "https://registry.npmjs.org/@tokenizer/token/-/token-0.1.1.tgz",
@@ -2387,9 +2392,9 @@
 }
 },
 "lodash": {
- "version": "4.17.19",
- "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.19.tgz",
- "integrity": "sha512-JNvd8XER9GQX0v2qJgsaN/mzFCNA5BRe/j8JN9d+tWyGLSodKQHKFicdwNYzWwI3wjRnaKPsGj1XkBjx/F96DQ=="
+ "version": "4.17.20",
+ "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.20.tgz",
+ "integrity": "sha512-PlhdFcillOINfeV7Ni6oF1TAEayyZBoZ8bcshTHqOYJYlrqzRK5hagpagky5o4HfCzzd1TRkXPMFq6cKk9rGmA=="
 },
 "lodash.clonedeep": {
 "version": "4.5.0",
diff --git a/package.json b/package.json
index db5037a..cc20b5e 100644
--- a/package.json
+++ b/package.json
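Review bot: In the new `.snyk` file the `patch` block names SNYK-JS-LODASH-567746 without any comment saying what the advisory covers or when the four entries can be removed, so the policy is likely to outlive its purpose. The entries patch only the nested lodash copies reached through tc-bus-api-wrapper, tc-core-library-js and winston > async, while the direct lodash dependency is upgraded in the same commit; upgrading those parents is the durable fix and the in-place patch is a stopgap. I would add a comment above the entry along the lines of `# lodash advisory patched in nested copies only; drop each path once its parent resolves to a fixed lodash`. A patched copy presumably still reports its original version number, so other scanners may keep flagging these paths; worth confirming before treating the finding as closed.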
@@ -12,7 +12,9 @@
 "delete-tables": "node scripts/deleteTables.js",
 "lint": "standard",
 "lint:fix": "standard --fix",
- "heroku-postbuild": "cd client && npm install && npm run build"
+ "heroku-postbuild": "cd client && npm install && npm run build",
+ "prepare": "npm run snyk-protect",
+ "snyk-protect": "snyk-protect"
 },
 "repository": {
 "type": "git",
@@ -34,7 +36,7 @@
 "http-status-codes": "^1.3.0",
 "joi": "^17.2.1",
 "js-yaml": "^3.14.0",
- "lodash": "^4.17.19",
+ "lodash": "^4.17.20",
 "multer": "^1.4.2",
 "node-cache": "^5.1.0",
 "react-virtualized": "^9.21.2",
@@ -42,7 +44,8 @@
 "tc-bus-api-wrapper": "topcoder-platform/tc-bus-api-wrapper.git#feature/auth0-proxy-server",
 "tc-core-library-js": "github:appirio-tech/tc-core-library-js#v2.6.4",
 "uuid": "^7.0.1",
- "winston": "^3.2.1"
+ "winston": "^3.2.1",
+ "@snyk/protect": "latest"
 },
 "devDependencies": {
 "concurrently": "^5.2.0",
@@ -55,5 +58,6 @@
 "ignore": [
 "client"
 ]
- }
+ },
+ "snyk": true
 }
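Review bot: The `prepare` script added in the first package.json hunk is the only step that applies the `.snyk` patches, so any install that skips lifecycle scripts (for example `npm ci --ignore-scripts`, a common CI hardening setting) leaves the nested lodash copies unpatched without an error. The adjacent `heroku-postbuild` line runs a separate `npm install` inside `client`, which this root-level hook does not appear to cover; whether `client` needs its own policy should be checked. Because package.json cannot carry comments, the requirement that installs run scripts belongs in the deployment notes, ideally backed by a build step that fails when the patched marker is absent.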
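Review bot: `"@snyk/protect": "latest"` in the third package.json hunk is an unbounded range for a package that rewrites files under node_modules on every install, so any install that does not honour the lockfile pulls whatever is published at that moment. The lockfile in this commit resolves it to 1.883.0 and the manifest should state the same bound: `"@snyk/protect": "^1.883.0"`, or the exact version if the team pins build tooling. The new key is also appended after `winston`, out of the alphabetical order the rest of the `dependencies` block follows.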