Fix your first vulnerability
Recap: You have viewed Snyk Projects and understood their vulnerabilities. You can now start to resolve these vulnerabilities.

When we open a Snyk Project file, we see the list of issues Snyk has found in this Project, and we can research each issue, using Snyk and other sources of information.
Different actions may be available for each vulnerability. The actions available depend on the vulnerability and the type of scanning. See Fix your vulnerabilities for more details.

Reminder: We use GitHub in this example; most other supported Git code repository integrations work in a similar way. See Git repository integrations.
For vulnerabilities in open source libraries, the Fix this Vulnerability button raises a PR to upgrade dependencies to the latest version of a package (which fixes the vulnerability, removing it from your code).
The Open a Fix PR screen allows you to select your PR:
Your PR is selected by default, but you may wish to raise a PR to upgrade other libraries by selecting them. This list of all fixes may be overwhelming, so you may only want to fix the vulnerability you've done the research on and know about.
Click Open a fix PR at the bottom of this screen to generate a fix PR:
You can then manage this change as for any other PRs for your code.

Another option is to ignore a vulnerability, temporarily or permanently; for example, if we think it may not affect us, or if we think it’s a false positive. We can click Ignore, and make a comment to record why we’re ignoring it.
If you choose to ignore a vulnerability, it will not appear in the next scans for that Snyk Project.

This example showed you how to apply a fix to an open source vulnerability, using Snyk Open Source. Depending on what you scan, you can use other Snyk products to resolve issues:

This example shows how to make a simple upgrade to a dependency, based on Snyk advice. Typically, fixes can be more complex than this.
Next, let's take a deeper dive into fixing a vulnerability in your code.