Troubleshoot PR Checks
PR Checks that are configured to “Only fail when the issues found have a fix available” rely on Snyk FixPR support and, therefore, will not alert for projects in languages that do not support FixPR Checks.
General troubleshooting for PR Checks
The following table lists general issues with PR Checks and how to address them.
PR Check not triggered.
The repository is imported to Snyk, but when a PR is raised it does not trigger a PR Check.
Check the Project and Integration settings to make sure PR checks are configured.
Check the Project Settings integration page for a banner advising you that a webhook is absent. Double-check integration permission scopes (see Git repositories). If you still cannot create a webhook, contact support.
PR Check is expected but does not run.
The PR check is listed in the Git repository (SCM) as expected but never completes.
This issue is generally caused by a Branch Protection rule requiring the PR check. If the Project has been disabled or removed from Snyk, the PR check will not run, but the branch protection rule is still in force until removed or edited. Check for Branch Protection rules and confirm that the Project is imported and active.
Multiple Security and Licence PR Checks run on a single Pull Request.
When a PR is submitted, multiple Snyk PR Checks of the same type run against it, possibly with different results.
If a repository is imported into multiple Snyk Organizations, PR checks will run on the repository for any configured Organization. Check the name of the PR check as it includes the Organization name against which the check is run. Alternatively, selecting the PR Check details will take you to the results for the relevant Organization.
Open-source and licensing checks
If you come across false positive or false negative results, you can take action to diagnose and report the issue.
False positive
The result is marked as Failed by Snyk because it has identified an issue that does not actually exist.
Contact support to update the dependency version if Snyk has misidentified an issue for a package version.
If you want to push the changes forward, you can mark the result as successful. For more einformaiton, see Example: fix dependency issues with PR Checks).
False negative
The result is marked as Passed by Snyk because it failed to detect an issue that actually exists.
To address the issue, you can submit a vulnerability disclosure. If Snyk did not detect the vulnerability due to a misidentified package or the absence of code trace, contact support.
Code analysis checks
The following table lists code analysis errors and how to address them.
Failed to start code analysis.
Error causes:
The PR Checks cannot be created in the database.
The commit status cannot be sent.
Wait a few minutes, then try again.
Could not complete the PR analysis.
The PR Checks result has an unexpected status.
Wait a few minutes, then try again or mark as successful.
Failed to analyze code.
Error causes:
The analysis cannot be completed.
The commit status cannot be sent.
Wait a few minutes, then try again or mark as successful.
Upstream rate limit triggered while analyzing code.
The Git server rate limit has been reached and the repository cannot be read.
Wait a few minutes, then try again or mark as successful.
No valid credentials to perform code analysis.
The personal access token or OAuth is not recognized or the user access is not provisioned.
Revise your configuration on the Git repository side for any credential issues.
What to do if there are errors
Re-run PR Checks results
To re-run PR Checks results:
Create an empty commit for example with
git commit –allow-emptyCreate a new commit with a fix or additional capability
Close and re-open the pull request in your connected Git repository (for example, GitHub).
Mark as successful
Provide specific users or roles with the capability to pass the PR Check when errors happen. This can be done through the Snyk link in the PR Check and Marking as successful.
Last updated
Was this helpful?