diff --git a/snap-reference/.snyk b/snap-reference/.snyk
new file mode 100644
index 0000000..fa8f476
--- /dev/null
+++ b/snap-reference/.snyk
@@ -0,0 +1,8 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.13.3
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  SNYK-JS-AXIOS-174505:
+    - axios:
+        patched: '2019-05-06T03:45:03.645Z'
diff --git a/snap-reference/package.json b/snap-reference/package.json
index ec83b4d..1e8b9f0 100644
--- a/snap-reference/package.json
+++ b/snap-reference/package.json
@@ -8,13 +8,16 @@
     "package-prepare": "npm run lint && npm run babel && cp -r package.json dist && cp -r fonts dist/.fonts && cd dist && PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=1 npm install --production",
     "babel": "rm -rf dist && mkdir dist && ./node_modules/.bin/babel src --out-dir dist",
     "local": "npm run babel && cp -r node_modules dist && node dist/starter-kit/local.js",
-    "lint": "./node_modules/.bin/eslint src"
+    "lint": "./node_modules/.bin/eslint src",
+    "snyk-protect": "snyk protect",
+    "prepare": "npm run snyk-protect"
   },
   "dependencies": {
     "axios": "^0.18.0",
     "puppeteer": "^1.1.1",
     "randomstring": "^1.1.5",
-    "tar": "^4.0.1"
+    "tar": "^4.0.1",
+    "snyk": "^1.161.1"
   },
   "devDependencies": {
     "aws-sdk": "^2.111.0",
@@ -24,5 +27,6 @@
     "eslint-config-google": "^0.9.1",
     "serverless-apigw-binary": "^0.4.4",
     "serverless-hooks-plugin": "^1.1.0"
-  }
+  },
+  "snyk": true
 }