diff --git a/app/riot/.snyk b/app/riot/.snyk
new file mode 100644
index 000000000000..2b59c95610d1
--- /dev/null
+++ b/app/riot/.snyk
@@ -0,0 +1,50 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.14.1
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+ SNYK-JS-LODASH-567746:
+ - '@storybook/core > @storybook/ui > lodash':
+ patched: '2020-05-01T00:11:18.584Z'
+ - '@storybook/core > babel-preset-minify > lodash':
+ patched: '2020-05-01T00:11:18.584Z'
+ - '@storybook/core > html-webpack-plugin > lodash':
+ patched: '2020-05-01T00:11:18.584Z'
+ - '@storybook/core > inquirer > lodash':
+ patched: '2020-05-01T00:11:18.584Z'
+ - '@storybook/core > @storybook/ui > @storybook/api > lodash':
+ patched: '2020-05-01T00:11:18.584Z'
+ - '@storybook/core > @storybook/ui > telejson > lodash':
+ patched: '2020-05-01T00:11:18.584Z'
+ - '@storybook/core > babel-preset-minify > babel-plugin-minify-dead-code-elimination > lodash':
+ patched: '2020-05-01T00:11:18.584Z'
+ - '@storybook/core > react-dev-utils > inquirer > lodash':
+ patched: '2020-05-01T00:11:18.584Z'
+ - '@storybook/core > @storybook/ui > @storybook/addons > @storybook/api > lodash':
+ patched: '2020-05-01T00:11:18.584Z'
+ - '@storybook/core > babel-plugin-emotion > @babel/helper-module-imports > @babel/types > lodash':
+ patched: '2020-05-01T00:11:18.584Z'
+ - '@storybook/core > @storybook/client-api > @storybook/channel-postmessage > telejson > lodash':
+ patched: '2020-05-01T00:11:18.584Z'
+ - '@storybook/core > @babel/preset-env > @babel/plugin-transform-unicode-regex > @babel/helper-create-regexp-features-plugin > @babel/helper-regex > lodash':
+ patched: '2020-05-01T00:11:18.584Z'
+ - '@storybook/core > @storybook/ui > @storybook/addons > @storybook/api > telejson > lodash':
+ patched: '2020-05-01T00:11:18.584Z'
+ - '@storybook/core > @babel/preset-env > @babel/preset-modules > @babel/plugin-transform-dotall-regex > @babel/helper-create-regexp-features-plugin > @babel/helper-regex > lodash':
+ patched: '2020-05-01T00:11:18.584Z'
+ - '@storybook/core > @storybook/theming > @emotion/styled > babel-plugin-emotion > @babel/helper-module-imports > @babel/types > lodash':
+ patched: '2020-05-01T00:11:18.584Z'
+ - '@storybook/core > @babel/preset-env > @babel/plugin-transform-exponentiation-operator > @babel/helper-builder-binary-assignment-operator-visitor > @babel/helper-explode-assignable-expression > @babel/traverse > @babel/generator > lodash':
+ patched: '2020-05-01T00:11:18.584Z'
+ - '@storybook/core > @storybook/ui > @storybook/theming > @emotion/styled > babel-plugin-emotion > @babel/helper-module-imports > @babel/types > lodash':
+ patched: '2020-05-01T00:11:18.584Z'
+ - '@storybook/core > @babel/preset-env > @babel/plugin-transform-exponentiation-operator > @babel/helper-builder-binary-assignment-operator-visitor > @babel/helper-explode-assignable-expression > @babel/traverse > @babel/helper-split-export-declaration > @babel/types > lodash':
+ patched: '2020-05-01T00:11:18.584Z'
+ - '@storybook/core > @storybook/ui > @storybook/components > @storybook/theming > @emotion/styled > babel-plugin-emotion > @babel/helper-module-imports > @babel/types > lodash':
+ patched: '2020-05-01T00:11:18.584Z'
+ - '@storybook/core > @babel/preset-env > @babel/plugin-transform-exponentiation-operator > @babel/helper-builder-binary-assignment-operator-visitor > @babel/helper-explode-assignable-expression > @babel/traverse > @babel/helper-function-name > @babel/template > @babel/types > lodash':
+ patched: '2020-05-01T00:11:18.584Z'
+ - '@storybook/core > @storybook/ui > @storybook/addons > @storybook/api > @storybook/theming > @emotion/styled > babel-plugin-emotion > @babel/helper-module-imports > @babel/types > lodash':
+ patched: '2020-05-01T00:11:18.584Z'
+ - '@storybook/core > @storybook/ui > @storybook/addons > @storybook/api > @storybook/theming > @emotion/core > @emotion/css > babel-plugin-emotion > @babel/helper-module-imports > @babel/types > lodash':
+ patched: '2020-05-01T00:11:18.584Z'
diff --git a/app/riot/package.json b/app/riot/package.json
index 7ff91612aa49..a140932f2aa0 100644
--- a/app/riot/package.json
+++ b/app/riot/package.json
@@ -22,7 +22,8 @@
 "storybook-server": "./bin/index.js"
 },
 "scripts": {
- "prepare": "node ../../scripts/prepare.js"
+ "prepare": "npm run snyk-protect && node ../../scripts/prepare.js",
+ "snyk-protect": "snyk protect"
 },
 "dependencies": {
 "@storybook/core": "5.2.0-beta.18",
@@ -30,7 +31,8 @@
 "core-js": "^3.0.1",
 "global": "^4.3.2",
 "raw-loader": "^2.0.0",
- "regenerator-runtime": "^0.12.1"
+ "regenerator-runtime": "^0.12.1",
+ "snyk": "^1.316.1"
 },
 "devDependencies": {
 "@babel/plugin-transform-modules-commonjs": "^7.2.0",
@@ -50,5 +52,6 @@
 },
 "publishConfig": {
 "access": "public"
- }
+ },
+ "snyk": true
 }
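Review bot: Chaining `npm run snyk-protect &&` in front of the existing `prepare` command (first hunk, `scripts`) makes every local install and every publish depend on the Snyk CLI succeeding, and it rewrites files under node_modules in place, so the installed tree no longer matches what the lockfile describes. `prepare` does not run when this package is installed from the registry, so consumers would still resolve the unpatched lodash that `.snyk` lists under SNYK-JS-LODASH-567746. The durable fix is to raise the lodash version those `@storybook/core` paths resolve to and treat the patch step as a stopgap with a stated removal condition. If dependencies are hoisted to a workspace root, the patch may also not find lodash under this package's own node_modules; that is worth confirming on a clean install.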
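Review bot: `snyk` is added under `dependencies` (second hunk), so every project that installs this package also pulls in the Snyk CLI and its transitive tree, although only the `prepare` script uses it and that script does not run for registry installs. Declaring it as `"snyk": "^1.316.1"` under `"devDependencies"` instead keeps the consumers' install surface unchanged. The caret range also lets a tool that executes at install time float to newer releases, so rely on the lockfile or pin an exact version if the build is meant to be reproducible.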