diff --git a/script/vsts/.snyk b/script/vsts/.snyk
new file mode 100644
index 00000000000..e6db06e6cae
--- /dev/null
+++ b/script/vsts/.snyk
@@ -0,0 +1,8 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.22.1
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+ SNYK-JS-LODASH-567746:
+ - pr-changelog > babel-preset-es2015 > babel-plugin-transform-es2015-modules-umd > babel-plugin-transform-es2015-modules-amd > babel-plugin-transform-es2015-modules-commonjs > babel-template > babel-traverse > babel-types > lodash:
+ patched: '2022-04-27T23:00:31.015Z'
diff --git a/script/vsts/package-lock.json b/script/vsts/package-lock.json
index cbdd54ee57f..3498a3e89ef 100644
--- a/script/vsts/package-lock.json
+++ b/script/vsts/package-lock.json
@@ -8,6 +8,7 @@ "dependencies": { "@azure/storage-blob": "^12.5.0", "@octokit/rest": "^15.9.5", + "@snyk/protect": "^1.914.0", "download": "^7.1.0", "glob": "7.0.3", "pr-changelog": "^0.3.4",
@@ -347,6 +348,17 @@ "node": ">=4" } }, + "node_modules/@snyk/protect": { + "version": "1.914.0", + "resolved": "https://registry.npmjs.org/@snyk/protect/-/protect-1.914.0.tgz", + "integrity": "sha512-UdN6fw2XXRi5O6mAnzRI3juJU1NsmF+VfU86dCeXWozjWq/YFCSIiB+gOk77tKhNb8Z8sWXF2QnPSgDOtzUO5g==", + "bin": { + "snyk-protect": "bin/snyk-protect" + }, + "engines": { + "node": ">=10" + } + }, "node_modules/@types/node": { "version": "16.11.9", "resolved": "https://registry.npmjs.org/@types/node/-/node-16.11.9.tgz", 
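Review bot: The `patch:` entry in `script/vsts/.snyk` is keyed to a single dependency path (`pr-changelog > … > babel-types > lodash`), so a lodash copy resolved through any other path would not be covered by this policy; whether such a path exists cannot be seen from this diff. The file also gives no hint of when the patch can be dropped. I would add a comment above the entry such as `# runtime patch for transitive lodash via pr-changelog; remove once that chain resolves to a fixed lodash`.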
@@ -4010,6 +4022,11 @@ "resolved": "https://registry.npmjs.org/@sindresorhus/is/-/is-0.7.0.tgz", "integrity": "sha512-ONhaKPIufzzrlNbqtWFFd+jlnemX6lJAgq9ZeiZtS7I1PIf/la7CW4m83rTXRnVnsMbW2k56pGYu7AUFJD9Pow==" }, + "@snyk/protect": { + "version": "1.914.0", + "resolved": "https://registry.npmjs.org/@snyk/protect/-/protect-1.914.0.tgz", + "integrity": "sha512-UdN6fw2XXRi5O6mAnzRI3juJU1NsmF+VfU86dCeXWozjWq/YFCSIiB+gOk77tKhNb8Z8sWXF2QnPSgDOtzUO5g==" + }, "@types/node": { "version": "16.11.9", "resolved": "https://registry.npmjs.org/@types/node/-/node-16.11.9.tgz",
diff --git a/script/vsts/package.json b/script/vsts/package.json
index 463bb18335e..d6b3fb198ea 100644
--- a/script/vsts/package.json
+++ b/script/vsts/package.json
@@ -11,6 +11,12 @@
 "request": "^2.87.0",
 "request-promise-native": "^1.0.5",
 "semver": "5.3.0",
- "yargs": "4.8.1"
- }
+ "yargs": "4.8.1",
+ "@snyk/protect": "latest"
+ },
+ "scripts": {
+ "prepare": "npm run snyk-protect",
+ "snyk-protect": "snyk-protect"
+ },
+ "snyk": true
 }
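Review bot: `"@snyk/protect": "latest"` in the `dependencies` object of `script/vsts/package.json` leaves unpinned a tool that the new `prepare` script runs on every install and that modifies files under `node_modules`. It also disagrees with the `^1.914.0` range that package-lock.json records for the same dependency in this commit. I would pin the manifest to the locked range, `"@snyk/protect": "^1.914.0"`, so a new publish is only picked up by a deliberate bump and the two files stay in sync. The patch is applied only where lifecycle scripts run, so an install with `--ignore-scripts` skips `prepare` and leaves lodash unpatched; a CI check that `snyk-protect` actually ran would close that gap. The `dependencies` object opens above this hunk.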