We use GitHub in this example; most other supported Git code repository integrations work in a similar way. See Git repository integrations.
For vulnerabilities in open source libraries, the Fix this Vulnerability button raises a PR to upgrade dependencies to the latest version of a package (which fixes the vulnerability, removing it from your code).
The Open a Fix PR screen allows you to select your PR:
Your PR is selected by default, but you may wish to raise a PR to upgrade other libraries by selecting them. The list of all fixes may be overwhelming, so you may only want to fix the vulnerability you’ve done the research on and know about.
Click Open a fix PR at the bottom of this screen to generate a fix PR:
You can then manage this change as you would any other PR for your code.
Another option is to ignore a vulnerability, temporarily or permanently; for example, if we think it may not affect us, or if we think it’s a false positive. We can click Ignore, and make a comment to record why we’re ignoring it.
If you choose to ignore the vulnerability, it will not appear in the next scans for that Snyk Project.