PR Checks for Snyk Open Source
Snyk Code also provides PR Checks - see PR Checks for Snyk Code.

Snyk runs a live test on the branch both before and after the pull request's changes and compares the results. This means the build fails only if the pull request introduces a vulnerability that the target branch did not already have:
| Introduced Vulnerability | Main Branch Vulnerability | PR Check Result |
|---|---|---|
| Yes | Yes | Fail ❌ |
| Yes | No | Fail ❌ |
| No | Yes | Pass ✅ |
| No | No | Pass ✅ |
| Any (overridden) | Any (overridden) | Pass ✅ |
Testing PRs for newly introduced vulnerabilities is part of the CI/CD pipeline.
There are two main troubleshooting situations to diagnose for Snyk's PR checks:
  1. Passed when it should have failed: submit a Vulnerability Disclosure.
  2. Failed when it should have passed: check the security check output.
Hot tip: you can mimic a PR check (testing only the changes, not the full state of the project) with the Snyk CLI.
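The decision rule in the table above, and the "mimic a PR check with the Snyk CLI" tip, both come down to diffing two test results: one for the target branch and one for the PR branch. The following is an added example (not Snyk's own code or product logic) that reproduces that rule over two reports in the shape of `snyk test --json` output. The report shape (a top-level `vulnerabilities` list whose entries carry `id`, `packageName` and `version`) is an assumption, and every issue ID and package name in the sample data is constructed.

```python
"""Reproduce the PR Check decision rule by comparing two `snyk test --json`
reports: one for the target (main) branch and one for the PR branch.

Added example, not Snyk's own code. In practice the two reports would be
produced with something like:
    git checkout main && snyk test --json > main.json
    git checkout my-pr && snyk test --json > pr.json
The report shape below is assumed, and all sample data is constructed.
"""
import json

# Constructed sample reports. Issue IDs and package names are placeholders,
# not real Snyk vulnerability IDs or real packages.
MAIN_REPORT = json.dumps({
    "ok": False,
    "vulnerabilities": [
        {"id": "SNYK-EXAMPLE-0001", "packageName": "example-pad",
         "version": "1.0.0", "severity": "medium"},
    ],
})
PR_REPORT = json.dumps({
    "ok": False,
    "vulnerabilities": [
        # Pre-existing on main: must NOT fail the PR on its own.
        {"id": "SNYK-EXAMPLE-0001", "packageName": "example-pad",
         "version": "1.0.0", "severity": "medium"},
        # New on the PR branch: this is what fails the check.
        {"id": "SNYK-EXAMPLE-0002", "packageName": "example-yaml",
         "version": "2.3.1", "severity": "high"},
    ],
})


def issue_keys(report_json):
    """Return the set of (id, package, version) triples found in a report.

    Keying on all three fields means a PR that pulls in a second vulnerable
    version of an already-vulnerable package still counts as an introduction.
    """
    report = json.loads(report_json)
    return {(v["id"], v["packageName"], v["version"])
            for v in report.get("vulnerabilities", [])}


def introduced_issues(main_json, pr_json):
    """Issues present on the PR branch but absent from the main branch."""
    return issue_keys(pr_json) - issue_keys(main_json)


def pr_check_result(main_json, pr_json, overridden=False):
    """Apply the table: Fail only when the PR introduces an issue.

    `overridden` models the "Mark as successful in SCM" override row, which
    passes the check regardless of either branch's findings.
    """
    if overridden:
        return "Pass"
    return "Fail" if introduced_issues(main_json, pr_json) else "Pass"


if __name__ == "__main__":
    for key in sorted(introduced_issues(MAIN_REPORT, PR_REPORT)):
        print("introduced:", key)
    print("PR check:", pr_check_result(MAIN_REPORT, PR_REPORT))
```

Because the comparison is set-based, a PR that only carries issues already present on main passes, a PR that removes issues passes, and only genuinely new (id, package, version) triples cause a failure, which is exactly the "Introduced Vulnerability" column of the table.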
When SAST issues are found in your PR, Snyk Code provides additional details on each detected issue and offers fix examples to assist you in developing secure code. By clicking the discovered issues, or the link next to them in your SCM, you can open the Snyk Web UI and view the full details of each discovered vulnerability in your PR.
If you want to pass PRs that automatically failed due to vulnerabilities found in them, Snyk Code also lets you mark failed PRs as successful via the Snyk Web UI. Once you click the Mark as successful in SCM button in the Web UI, your failed PRs are considered successful in the SCM and can be merged into the target branch.
The Automatic PR Checks feature is applied only to repositories imported to Snyk from the integrated SCM. However, after the initial import, any new file or folder added to the imported repositories is included in the automatic PR Checks. The Automatic PR Checks feature can be enabled for your integrated SCM on the level of an entire Organization or on the level of a specific Project.
Every PR check is counted as a “test” in the test count of the related Organization. New commits to an open PR branch are also checked automatically, so these commit checks are counted as “tests” as well.

The workflow of using the PR Checks feature is the same as it is for Snyk Code: