diff --git a/.snyk b/.snyk
new file mode 100644
index 0000000..2d54692
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,18 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.22.1
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+ SNYK-JS-LODASH-567746:
+ - tc-core-library-js > lodash:
+ patched: '2022-03-26T02:37:42.297Z'
+ - '@topcoder-platform/topcoder-bus-api-wrapper > lodash':
+ patched: '2022-03-26T02:37:42.297Z'
+ - '@topcoder-platform/topcoder-bus-api-wrapper > tc-core-library-js > lodash':
+ patched: '2022-03-26T02:37:42.297Z'
+ - no-kafka > bin-protocol > lodash:
+ patched: '2022-03-26T02:37:42.297Z'
+ - no-kafka > nice-simple-logger > lodash:
+ patched: '2022-03-26T02:37:42.297Z'
+ - no-kafka > wrr-pool > lodash:
+ patched: '2022-03-26T02:37:42.297Z'
diff --git a/package-lock.json b/package-lock.json
index 0f4ba98..830db88 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -372,6 +372,11 @@
 "integrity": "sha512-tsAQNx32a8CoFhjhijUIhI4kccIAgmGhy8LZMZgGfmXcpMbPRUqn5LWmgRttILi6yeGmBJd2xsPkFMs0PzgPCw==",
 "dev": true
 },
+ "@snyk/protect": {
+ "version": "1.883.0",
+ "resolved": "https://registry.npmjs.org/@snyk/protect/-/protect-1.883.0.tgz",
+ "integrity": "sha512-N/EqG6P/qNYWOfuZAfGS1d7yGwGY4zV7AvKtgTzdhazDt7G/mRLG6czLSWNWGEFYBiMsYRVPHdc5It3bjhmIGw=="
+ },
 "@topcoder-platform/topcoder-bus-api-wrapper": {
 "version": "1.2.0",
 "resolved": "https://registry.npmjs.org/@topcoder-platform/topcoder-bus-api-wrapper/-/topcoder-bus-api-wrapper-1.2.0.tgz",
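Review bot: The `patch:` block in `.snyk` lists six nested lodash paths under SNYK-JS-LODASH-567746 but records nothing about why those copies are patched in place rather than upgraded, so nobody will know when an entry can be dropped. I would add a comment above `patch:` such as `# nested lodash copies are pulled in by tc-core-library-js, topcoder-bus-api-wrapper and no-kafka; drop an entry once its parent resolves a fixed lodash`. The `patched` timestamps look like a record of when the policy was written rather than proof that node_modules is patched, so the file on its own should not be read as evidence that the advisory is closed.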
@@ -4185,9 +4190,9 @@
 }
 },
 "lodash": {
- "version": "4.17.19",
- "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.19.tgz",
- "integrity": "sha512-JNvd8XER9GQX0v2qJgsaN/mzFCNA5BRe/j8JN9d+tWyGLSodKQHKFicdwNYzWwI3wjRnaKPsGj1XkBjx/F96DQ=="
+ "version": "4.17.20",
+ "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.20.tgz",
+ "integrity": "sha512-PlhdFcillOINfeV7Ni6oF1TAEayyZBoZ8bcshTHqOYJYlrqzRK5hagpagky5o4HfCzzd1TRkXPMFq6cKk9rGmA=="
 },
 "lodash.clonedeep": {
 "version": "4.5.0",
diff --git a/package.json b/package.json
index d36619d..fcc6564 100644
--- a/package.json
+++ b/package.json
@@ -10,7 +10,9 @@
 "mock-api": "NODE_ENV=test node test/mock/mock",
 "test": "nyc --reporter=html --reporter=text mocha test/unit/test.js --timeout 20000 --exit",
 "e2e": "nyc --reporter=html --reporter=text mocha test/e2e/test.js --timeout 20000 --exit",
- "sync-terms": "node src/scripts/sync-terms.js"
+ "sync-terms": "node src/scripts/sync-terms.js",
+ "prepare": "npm run snyk-protect",
+ "snyk-protect": "snyk-protect"
 },
 "repository": "https://github.com/topcoder-platform/legacy-challenge-processor",
 "author": "TCSCODER",
@@ -32,7 +34,7 @@
 "gulp": "^4.0.2",
 "http-json-response": "^1.0.1",
 "ifxnjs": "^10.0.5",
- "lodash": "^4.17.19",
+ "lodash": "^4.17.20",
 "moment-timezone": "^0.5.32",
 "no-kafka": "^3.4.3",
 "q": "^1.5.1",
@@ -41,7 +43,8 @@
 "tc-core-library-js": "github:appirio-tech/tc-core-library-js.git#v2.6.4",
 "underscore": "^1.10.2",
 "util": "^0.12.3",
- "winston": "^3.3.3"
+ "winston": "^3.3.3",
+ "@snyk/protect": "latest"
 },
 "engines": {
 "node": "10.x"
@@ -58,5 +61,6 @@
 "test/unit/test.js",
 "test/e2e/test.js"
 ]
- }
+ },
+ "snyk": true
 }
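Review bot: The new `prepare` script in the `scripts` block is the only thing that applies the `.snyk` patches, and it is skipped without any error when an install runs with lifecycle scripts disabled (`npm ci --ignore-scripts`, or `ignore-scripts=true` in an npmrc). If the image or CI build does that (the build files are not in this diff), the nested lodash copies ship unpatched while the policy file suggests otherwise. I would run `npm run snyk-protect` as an explicit build step after install, fail the build if it exits non-zero, and note in the README that the patch depends on it.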
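Review bot: `"@snyk/protect": "latest"` in `dependencies` is an unpinned tag for a tool that rewrites files under node_modules on every install via `prepare`, so any install that does not honour package-lock.json, or any regeneration of the lockfile, picks up whatever was most recently published. The lockfile in this commit resolves 1.883.0, so I would write `"@snyk/protect": "^1.883.0"` here, or an exact `"1.883.0"` if upgrades should be deliberate. The new key is also appended after `winston` while the rest of the block looks alphabetical; moving it to the top would keep the block sorted.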