SupportAPI docsProduct updatesSign up for free
Search…
Snyk User Documentation
Introducing Snyk
Implementing Snyk in your teams
Getting started
Snyk Web UI
Snyk CLI
Snyk API
Snyk for IDEs
Snyk Apps
Snyk Integrations
SNYK PRODUCTS
Snyk Open Source
Snyk Code
Snyk Container
Snyk Infrastructure as Code
USING SNYK
Snyk Broker
User and group management
Fixing and prioritizing issues
Reports
Snyk Tools
SNYK INFO
Disclosing vulnerabilities
How Snyk handles your data
Snyk Partner workshops
Atlassian Integrations
AWS Integrations
Snyk Integrations
Snyk Account
CircleCI
Docker
Dynatrace
GCP
GitHub
Microsoft Azure
Oracle Cloud Infrastructure
Red Hat
SpringOne
Workshop Overview
Create Github Repository
Configure Snyk for DevSecOps
Developer Environment and Snyk
CI/CD Pipeline
Snyk Open-Source (SCA)
Import SPC into Snyk UI
Review Project Issues
Review Project Dependency Tree
Project fix advice
Snyk checks in GitHub
Snyk CI/CD
Snyk Containers
Snyk Infrastructure as Code (IaC)
Workshop Wrap Up
Powered By GitBook
Project fix advice

Fix vulnerabilities

Snyk knowledge of the transitive dependencies in your project makes it easy for Snyk to offer fix advice. Snyk can fix vulnerabilities in two ways. Snyk can upgrade the direct dependencies to a vulnerability free version, or it can patch the vulnerability.
Snyk supports the following workflows to help developers fix their vulnerabilities.
  1. 1.
    Snyk generates automatic git pull requests (PRs) using GitHub, GitLab, or Bitbucket PR workflows. Snyk executes this as a nightly workflow.
  2. 2.
    Snyk users use the Open a fix PR feature in the Snyk UI.
  3. 3.
    Snyk users use the fix this vulnerability feature on a specific issue card in the Snyk UI.
In this workshop, we will perform the fix this vulnerability option.

Generating automatic pull requests

Snyk generates automatic pull requests for your projects using the source control integration associated with your organization. To check the setting, select the integrations tab at the top of the Snyk UI and select your source control repository. Click the gear icon for your source control and review the settings. This setting can be configured on our per-project basis or for an entire organization.
This setting should be set from our initial configuration of GitHub
Snyk will issues PRs for your projects when they are ready. You can view the PR in GitHub (GitLab and Bitbucket have similar views) by select the Pull Request tab at the top of the git repository. Keep in mind, Synk generates PRs overnight, and multiple pull requests exist for different dependencies.
SPC will generate a PR given enough time.

Open a fix PR

The Snyk UI offers the ability to create Pull Requests directly from the project. To generate a PR find your SPC project from the list of projects and select the pom.xml file.
Select the Open a fix PR and Snyk will start with the workflow to generate a PR for SPC. Prior to sending the PR to GitHub, the Snyk UI will show you what will be fixed by the PR, any partial fixes, and anything that will not be fixed. Submit the PR to GitHub and visit your GitHub repository Pull Request tab to view the Pull Request.

Fix this vulnerability

Snyk's fix this vulnerability workflow is the same as the open a PR fix workflow. When generating a PR, only the specified vulnerability issue is selected in the PR, as shown below. Find the Cross-site Scripting (XSS) vulnerability and start the PR workflow.
Verify the issue is selected and complete the PR request.
Previous
Review Project Dependency Tree
Next
Snyk checks in GitHub
Last modified 8d ago
Export as PDF
Copy link
Edit on GitHub
Contents
Fix vulnerabilities
Generating automatic pull requests
Open a fix PR
Fix this vulnerability