Fix your first vulnerability

You can now start to resolve these vulnerabilities.

How can I resolve an issue?

When we open a Snyk Project file, we see the list of issues Snyk has found in this Project, and we can research each issue, using Snyk and other sources of information.

Different actions may be available for each vulnerability:

Snyk fix functions available depend on the vulnerability and the type of scanning.

Fix this vulnerability function

Reminder We use GitHub in this example, most other supported Git code repository integrations work in a similar way. See Git repository integrations (SCMs) for details.

For vulnerabilities in open-source libraries, Snyk provides an option to create a Pull Request (PR) to upgrade dependencies to the latest version of a package. This upgrade PR will fix the vulnerability, removing it from your code.

Access this function using the Fix this Vulnerability button on the issue card:

Snyk then prompts you to confirm your vulnerability selection:

Your PR is selected by default, but you may wish to raise a PR to upgrade other libraries by selecting them

This list of all fixes may be overwhelming - you may only want to fix the vulnerability you’ve done the research on and know about.

Finally, click Open a fix PR at the bottom of that screen to generate a fix PR:

You can then manage this change as you would for any standard code PR in your development process.

More information

Ignore the vulnerability

Snyk also provides an option to ignore a vulnerability, temporarily or permanently; for example, if you think it may not affect your code, or that is is a false positive. If you select to ignore a vulnerability, it does not appear in subsequent scans for that Snyk Project.

To ignore a vulnerability, click the Ignore button on the issue card:

Fix issues for other types of scans

This example showed you how to apply a fix to an open-source vulnerability. Depending on what items you scan, you can use other Snyk products to resolve issues:

More information and next step

For information about determining which issues to fix, see Ignore issues in the documentation and the Ignore strategies training video.

The example on this page shows how to make a simple upgrade to a dependency, based on Snyk advice. Fixes can often be more complex than this.

Continue by taking a deeper dive into fixing a vulnerability in your code.

Last updated

More information

Snyk privacy policy

© 2023 Snyk Limited | All product and company names and logos are trademarks of their respective owners.