Snyk Pull or Merge Requests
In addition to providing fix advice, Snyk enables you to create automatic or manual pull requests for supported package managers and ecosystems. To create PRs automatically in implementations with Snyk Broker, your administrator must upgrade to v4.55.0 or later.
For the basic steps in fixing vulnerabilities, see Fix your vulnerabilities. To ensure your language is supported, see the Languages supported for Fix Pull Requests or Merge Requests and Supported browsers pages.
Administrators and account owners can manage the settings for Snyk upgrade pull requests from the Snyk Web UI at both the Organization and Project levels. You can configure whether the feature is enabled (the default) and specify the conditions under which Snyk should submit upgrade pull requests, if at all.
Manual Fix PRs
For specific supported languages, you can create pull requests to remediate issues using the Snyk web UI. These combine Snyk fix advice with the list of remediated vulnerabilities to create a pull request that developers can review and merge into their repo's main branch.
You can start the process from any supported Project's open source vulnerability view.

PRs use a branch naming convention based on the issues they fix. If a PR already exists for a specific change, Snyk does not create a new one, even if you closed the original PR.
If you try to create a duplicate fix PR, Snyk displays an error. To resolve this, check if the branch already exists and reopen the pull request.
Defining Automatic Snyk PRs
For Projects imported through an SCM integration, Snyk offers automatic pull request generation for vulnerability fixes, package upgrades, and backlog vulnerabilities. To learn more, visit:
Reviewing Snyk PRs
After Snyk submits a pull request on your behalf, you can view the pull request and all related details directly from the relevant repository.
To quickly review the pull request, hover over it. You can see the recommended upgrade and other pull request summary details:

Open the pull request to view in-depth details, including package release notes and vulnerabilities included in the recommended upgrade.

Click the Issue link from the table to view all details for the specified vulnerability directly from the Snyk database.
After you have reviewed the pull request, you can approve the merge.
Generated Pull Requests report
Snyk provides a report for Enterprise customers that gives an overview of how Fix, Backlog, and Upgrade PRs are used and highlights the efficiency of PR merges. For more information, see Snyk Generated Pull Requests report.
Snyk SCM webhooks
To track pull request events, Snyk adds webhooks to your imported repositories. For more information, see the GitHub and Git repository integrations.
Snyk uses these webhooks to:
Track the state of Snyk pull requests: when PRs are triggered, created, updated, merged, and so on.
Send push events to trigger PR checks.

