Assign fix work
Recap: You have understood and fixed a vulnerability. Now we'll see how this process works in your team for your applications.

Your fix priority (deciding what to fix first) depends on the workflows and business processes of your teams. Individual developers may decide what to fix on an ad-hoc basis, or team leads may assign fix work as part of a Sprint.
Different teams approach fixes in different ways, depending on the tools they use, their own workflow maturity, and competing work priorities. Typically, smaller teams have less process, and Enterprise-level teams are more formal.

For example, your team could follow a triage-based process for each issue, driven largely by the severity of the issue:

Feature availability: Jira integration is available with all paid plans. See pricing plans for more details.
Some teams base all their work around Jira tasks; we’ll look at this as an example.
Let’s assume that your development team assigns fix work based on Sprints, and decides that the next development Sprint will be dedicated to vulnerability fixing.
As part of this Sprint planning, the team leader can:
  • Review the vulnerabilities in a project.
  • Decide which vulnerabilities to fix.
  • Create a Jira issue for each vulnerability.
  • Assign these Jira issues as tasks to developers to fix these vulnerabilities.
  • Track progress on these tasks during the Sprint.
The Snyk Jira integration allows you to run this process from the Snyk Web UI.

Navigate to the issue you have decided to fix, then click Create a Jira issue:
You can then define the Jira task details for this fix:
You can assign this task to a developer in the team, following your team’s normal Sprint processes.
You may want to create a Jira issue even if Snyk knows how to fix the issue, and even if it's a very minor upgrade; assigning issues allows your team to manage, justify and track code changes.
