diff --git a/.snyk b/.snyk
new file mode 100644
index 00000000000..587e1a25ecc
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,18 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.22.1
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+ SNYK-JS-LODASH-567746:
+ - eslint > lodash:
+ patched: '2022-03-26T03:37:47.929Z'
+ - eslint-plugin-json > lodash:
+ patched: '2022-03-26T03:37:47.929Z'
+ - jest > @jest/core > jest-snapshot > @babel/types > lodash:
+ patched: '2022-03-26T03:37:47.929Z'
+ - jest > @jest/core > @jest/transform > @babel/core > lodash:
+ patched: '2022-03-26T03:37:47.929Z'
+ - jest > @jest/core > @jest/transform > @babel/core > @babel/helper-module-transforms > lodash:
+ patched: '2022-03-26T03:37:47.929Z'
+ - jest > @jest/core > jest-config > jest-environment-jsdom > jsdom > request-promise-native > request-promise-core > lodash:
+ patched: '2022-03-26T03:37:47.929Z'
diff --git a/package.json b/package.json
index 0847a1390a5..37a1ae16b77 100644
--- a/package.json
+++ b/package.json
@@ -42,7 +42,9 @@
 "draft-release": "ts-node -P script/tsconfig.json script/draft-release/index.ts",
 "draft-release:format": "prettier --check --write changelog.json app/package.json && yarn validate-changelog",
 "validate-changelog": "ts-node -P script/tsconfig.json script/validate-changelog.ts",
- "check-modified": "stop-build"
+ "check-modified": "stop-build",
+ "prepare": "yarn run snyk-protect",
+ "snyk-protect": "snyk-protect"
 },
 "author": {
 "name": "GitHub, Inc.",
@@ -123,7 +125,8 @@
 "webpack-hot-middleware": "^2.22.2",
 "webpack-merge": "^4.1.2",
 "xml2js": "^0.4.16",
- "xvfb-maybe": "^0.2.1"
+ "xvfb-maybe": "^0.2.1",
+ "@snyk/protect": "latest"
 },
 "devDependencies": {
 "@types/byline": "^4.2.31",
@@ -184,5 +187,6 @@
 "electron-winstaller": "^5.0.0",
 "reserved-words": "^0.1.2",
 "tsconfig-paths": "^3.9.0"
- }
+ },
+ "snyk": true
 }
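Review bot: The `patch:` block does not record why lodash is patched in place rather than upgraded, or when the six entries under `SNYK-JS-LODASH-567746` can be removed. Every listed path runs through lint or test tooling (`eslint`, `eslint-plugin-json`, `jest`). A patch applied at install time leaves the installed lodash files different from the tarball that the lockfile's integrity hash covers, which makes later audits harder to reason about. I would add a comment above `patch:` such as `# TODO: remove once eslint and jest resolve a lodash release with the upstream fix; prefer a lockfile upgrade over in-place patches`.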
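Review bot: `"@snyk/protect": "latest"` in the second package.json hunk is a floating tag for a tool that the new `prepare` script in the first hunk runs at install time. Whatever the registry serves as `latest` when the lockfile is next regenerated would then run with write access to `node_modules`. It also disagrees with the yarn.lock entry in this commit, which is keyed `@snyk/protect@^1.883.0`, so a frozen-lockfile install would probably reject or rewrite that entry. Pin the manifest to match the lockfile, `"@snyk/protect": "^1.883.0"`, or to the exact `1.883.0`. The key of the enclosing object is outside the hunk, so whether this is `dependencies` or another block should be confirmed.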
diff --git a/yarn.lock b/yarn.lock index a116d7d1adc..e0e44b6aa30 100644 --- a/yarn.lock +++ b/yarn.lock @@ -603,6 +603,11 @@ dependencies: "@sinonjs/commons" "^1.7.0" +"@snyk/protect@^1.883.0": + version "1.883.0" + resolved "https://registry.yarnpkg.com/@snyk/protect/-/protect-1.883.0.tgz#048015d4e0f1c18b6abc7e2773b6374b620bd399" + integrity sha512-N/EqG6P/qNYWOfuZAfGS1d7yGwGY4zV7AvKtgTzdhazDt7G/mRLG6czLSWNWGEFYBiMsYRVPHdc5It3bjhmIGw== + "@szmarczak/http-timer@^1.1.2": version "1.1.2" resolved "https://registry.yarnpkg.com/@szmarczak/http-timer/-/http-timer-1.1.2.tgz#b1665e2c461a2cd92f4c1bbf50d5454de0d4b421"