Fix your first vulnerability
You can now start to resolve these vulnerabilities.
When we open a Snyk Project file, we see the list of issues Snyk has found in this Project, and we can research each issue, using Snyk and other sources of information.
Different actions may be available for each vulnerability:
- Assign the vulnerability to research and fix (see Assign fix work and Fix your first vulnerability - deeper dive)
Snyk fix functions available depend on the vulnerability and the type of scanning.
Reminder
We use GitHub in this example, most other supported Git code repository integrations work in a similar way. See Git repository integrations (SCMs) for details.
For vulnerabilities in open-source libraries, Snyk provides an option to create a Pull Request (PR) to upgrade dependencies to the latest version of a package. This upgrade PR will fix the vulnerability, removing it from your code.
Access this function using the Fix this Vulnerability button on the issue card:

Click "Fix this vulnerability" to create a P
Snyk then prompts you to confirm your vulnerability selection:

Open a Fix PR for a vulnerability
Your PR is selected by default, but you may wish to raise a PR to upgrade other libraries by selecting them
This list of all fixes may be overwhelming - you may only want to fix the vulnerability you’ve done the research on and know about.
Finally, click Open a fix PR at the bottom of that screen to generate a fix PR:
%20(1)%20(1)%20(1)%20(1)%20(1)%20(1)%20(2).png?alt=media)
Generate the fix PR for your vulnerability
You can then manage this change as you would for any standard code PR in your development process.
- Docs: See Fixing vulnerabilities for an overview, and Fixing and prioritizing issues for more details.
Snyk also provides an option to ignore a vulnerability, temporarily or permanently; for example, if we think it may not affect us, or if we think it’s a false positive. If you select to ignore a vulnerability, it doeSees not appear in subsequent scans for that Snyk Project.
Access this function using click Ignore button on the issue card:

Click Ignore to ignore a vulnerability
This example showed you how to apply a fix to an open-source vulnerability. Depending on what items you scan, you can use other Snyk products to resolve issues:
- For scan items built into a container, such as a Docker file, see Analysis and fixes for your images from the Snyk Web UI.
This example shows how to make a simple upgrade to a dependency, based on Snyk advice. Typically, fixes can be more complex than this.