diff --git a/test/endtoend/create-react-app/.snyk b/test/endtoend/create-react-app/.snyk
new file mode 100644
index 0000000000..b30ec9daa3
--- /dev/null
+++ b/test/endtoend/create-react-app/.snyk
@@ -0,0 +1,36 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.25.0
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  SNYK-JS-LODASH-567746:
+    - react-scripts > @babel/core > lodash:
+        patched: '2022-09-29T19:50:45.526Z'
+    - react-scripts > eslint > lodash:
+        patched: '2022-09-29T19:50:45.526Z'
+    - react-scripts > eslint-plugin-flowtype > lodash:
+        patched: '2022-09-29T19:50:45.526Z'
+    - react-scripts > html-webpack-plugin > lodash:
+        patched: '2022-09-29T19:50:45.526Z'
+    - react-scripts > webpack-manifest-plugin > lodash:
+        patched: '2022-09-29T19:50:45.526Z'
+    - react-scripts > @babel/core > @babel/traverse > lodash:
+        patched: '2022-09-29T19:50:45.526Z'
+    - react-scripts > eslint > inquirer > lodash:
+        patched: '2022-09-29T19:50:45.526Z'
+    - react-scripts > eslint > table > lodash:
+        patched: '2022-09-29T19:50:45.526Z'
+    - react-scripts > optimize-css-assets-webpack-plugin > last-call-webpack-plugin > lodash:
+        patched: '2022-09-29T19:50:45.526Z'
+    - react-scripts > react-dev-utils > inquirer > lodash:
+        patched: '2022-09-29T19:50:45.526Z'
+    - react-scripts > webpack-dev-server > http-proxy-middleware > lodash:
+        patched: '2022-09-29T19:50:45.526Z'
+    - react-scripts > @svgr/webpack > @babel/preset-env > @babel/plugin-transform-block-scoping > lodash:
+        patched: '2022-09-29T19:50:45.526Z'
+    - react-scripts > webpack-dev-server > portfinder > async > lodash:
+        patched: '2022-09-29T19:50:45.526Z'
+    - react-scripts > @svgr/webpack > @babel/preset-env > @babel/plugin-transform-modules-amd > @babel/helper-module-transforms > lodash:
+        patched: '2022-09-29T19:50:45.526Z'
+    - react-scripts > jest-environment-jsdom-fourteen > jsdom > request-promise-native > request-promise-core > lodash:
+        patched: '2022-09-29T19:50:45.526Z'
diff --git a/test/endtoend/create-react-app/package-lock.json b/test/endtoend/create-react-app/package-lock.json
index 048c9778dd..16c03ac2ef 100644
--- a/test/endtoend/create-react-app/package-lock.json
+++ b/test/endtoend/create-react-app/package-lock.json
@@ -1239,6 +1239,11 @@
       "resolved": "https://registry.npmjs.org/@nodelib/fs.stat/-/fs.stat-1.1.3.tgz",
       "integrity": "sha512-shAmDyaQC4H92APFoIaVDHCx5bStIocgvbwQyxPRrbUY20V1EYTbSDchWbuwlMG3V17cprZhA6+78JfB+3DTPw=="
     },
+    "@snyk/protect": {
+      "version": "1.1017.0",
+      "resolved": "https://registry.npmjs.org/@snyk/protect/-/protect-1.1017.0.tgz",
+      "integrity": "sha512-6WHVyRUBba7Q/e6BAbn3+J3SSvBQU0Ps9YItg9Z/B7w91JusSCq6P4KTNt66AZxHwQ1X2iUbIWrkNEIpKuXePQ=="
+    },
     "@svgr/babel-plugin-add-jsx-attribute": {
       "version": "4.2.0",
       "resolved": "https://registry.npmjs.org/@svgr/babel-plugin-add-jsx-attribute/-/babel-plugin-add-jsx-attribute-4.2.0.tgz",
diff --git a/test/endtoend/create-react-app/package.json b/test/endtoend/create-react-app/package.json
index 7d594c8f82..f48ccfea88 100644
--- a/test/endtoend/create-react-app/package.json
+++ b/test/endtoend/create-react-app/package.json
@@ -7,12 +7,16 @@
     "es6-shim": "^0.35.3",
     "react": "^16.8.6",
     "react-dom": "^16.8.6",
-    "react-scripts": "3.3.0"
+    "react-scripts": "3.3.0",
+    "@snyk/protect": "latest"
   },
   "scripts": {
     "start": "react-scripts start",
     "build": "react-scripts build",
     "test": "react-scripts test --env=jsdom",
-    "eject": "react-scripts eject"
-  }
+    "eject": "react-scripts eject",
+    "prepare": "npm run snyk-protect",
+    "snyk-protect": "snyk-protect"
+  },
+  "snyk": true
 }