diff --git a/.snyk b/.snyk
new file mode 100644
index 00000000000..7ba7c29b2c5
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,25 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.22.1
+# ignores vulnerabilities until expiry date; change duration by modifying expiry date
+ignore:
+  SNYK-CC-K8S-10:
+    -  '* > * > input > spec > template > spec > initContainers[autopermissions] > securityContext > runAsNonRoot':
+        reason: Permissions script requires root
+        expires: 2666-01-02T15:25:09.138Z
+        created: 2021-12-03T15:25:09.144Z
+  SNYK-CC-K8S-41:
+    -  '* > * > spec > template > spec > initContainers[autopermissions] > livenessProbe':
+        reason: Permissions script requires root
+        expires: 2666-01-02T15:25:09.138Z
+        created: 2021-12-03T15:25:09.144Z
+  SNYK-CC-K8S-11:
+    -  '*':
+        reason: UID Clashes is not a priority, default user 568 is reserved on SCALE systems
+        expires: 2666-01-02T15:25:09.138Z
+        created: 2021-12-03T15:25:09.144Z
+  SNYK-CC-K8S-42:
+    -  '*':
+        reason: We enforce digestpinning all container images and run auto-updater weekly
+        expires: 2666-01-02T15:25:09.138Z
+        created: 2021-12-03T15:25:09.144Z
+patch: {}