Automatic and manual PRs with Snyk Open Source

See Fix your vulnerabilities for more details of general fix functions.
Snyk provides actionable fix advice for vulnerabilities in your Open Source libraries, using:
​Automatic pull / merge requests (PRs / MRs).
​Manual pull / merge requests.
See Language support for Fix Pull Request and Merge Requests.
Automatic pull / merge requests
For Projects imported via an SCM (Source Code Manager), Snyk offers the following types of automated pull / merge requests:
​Fix pull requests for new vulnerabilities​
​Fix pull requests to clear the backlog of vulnerabilities in priority order​
​Dependency upgrade pull requests​
Manual pull / merge requests for Project code
To generate a PR / MR directly from your Project using the Snyk UI:
1.Navigate to your Project from the Project list
2.Select the file
3.Select Open a Fix PR/MR or Fix this vulnerability
4.A preview screen appears, showing you what fixes will be applied
5.Click Open a Fix PR on this screen to generate the pull request
Open Fix PR to fix Open Source Project vulnerabilities
PRs use a branch naming convention based on the issues that they fix. When a PR already exists for a specific change, Snyk doesn't create a new one, even if that original PR is closed.
If you try to create a Fix PR which duplicates an existing one, an error may be displayed. If this happens, check if the branch already exists and re-open it.
Snyk SCM webhooks
To track pull request events, Snyk adds webhooks to your imported repositories (see GitHub and Git repository integrations).
Snyk uses these webhooks to:
Track the state of Snyk pull requests: when PRs are created, updated, triggered, merged, and so on.
Send push events to trigger PR checks

Troubleshooting Open Source vulnerability fixing

Automated pull request creation for new fixes

Last modified 2mo ago