diff --git a/src/deep-framework/.snyk b/src/deep-framework/.snyk
new file mode 100644
index 00000000..0f79eb79
--- /dev/null
+++ b/src/deep-framework/.snyk
@@ -0,0 +1,12 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.13.5
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  SNYK-JS-LODASH-450202:
+    - lodash:
+        patched: '2019-07-04T08:47:19.581Z'
+    - deep-search > elasticsearch > lodash:
+        patched: '2019-07-04T08:47:19.581Z'
+    - webpack > async > lodash:
+        patched: '2019-07-04T08:47:19.581Z'
diff --git a/src/deep-framework/package.json b/src/deep-framework/package.json
index bfb4bb28..d7f4ea58 100644
--- a/src/deep-framework/package.json
+++ b/src/deep-framework/package.json
@@ -68,10 +68,11 @@
   "scripts": {
     "compile-travis": "bash ../../bin/compile-lib.sh .",
     "compile": "bash node-bin/compile.sh",
-    "prepublish": "npm run compile && npm run browser-build",
+    "prepublish": "npm run snyk-protect; npm run compile && npm run browser-build",
     "browser-build": "bash node-bin/browser_build.sh",
     "prepare-production": "bash hooks/prepare_production.sh",
-    "final-prepare-production": "bash hooks/final_prepare_production.sh"
+    "final-prepare-production": "bash hooks/final_prepare_production.sh",
+    "snyk-protect": "snyk protect"
   },
   "dependencies": {
     "aws-sdk": "^2.70.0",
@@ -98,7 +99,8 @@
     "store": "^2.0.4",
     "uglify-js": "github:mishoo/UglifyJS2#harmony-v2.8.22",
     "uglifyjs-webpack-plugin": "^0.4.3",
-    "webpack": "^2.6.1"
+    "webpack": "^2.6.1",
+    "snyk": "^1.190.0"
   },
   "devDependencies": {},
   "engines": {
@@ -109,5 +111,6 @@
   "analyze": true,
   "jspm": {
     "main": "browser/framework.js"
-  }
+  },
+  "snyk": true
 }