Configure Automatic fix PRs

Snyk supports backlog issues for GitHub, GitHub Enterprise, and Bitbucket Cloud integrations. The Automatic fix PRs feature is supported for the following integrations: BitBucket Server, BitBucket Cloud, BitBucket Connect, GitHub, GitHub Enterprise, GitLab, and Azure.
The Autofix PR settings may vary depending on the integration.
The fix strategy feature for getting dependency-oriented fixes is in beta. We welcome your feedback.
The Known vulnerabilities option retrieves vulnerabilities from the Project's backlog, that is, the previously declared vulnerabilities.
The following rules are applied to automatic PR creation for vulnerabilities:
  • If a scan is manually run (you clicked Retest now for the Project), the 24-hour window is marked as having been run and no automatic PR is created until the next automated scan runs.
  • One pull request is created per Project (priority score of 700 and above only).
  • Pull requests are created based on the Test & Automated Pull Request Frequency settings. To update the Test & Automated Pull Request Frequency, go to Projects, select your open source and licensing Project, then go to Settings (see screenshot below).
Project testing and PR Checks frequency.
To know when your last 24-hour window was kicked off, check the Project page for Snapshot taken by recurring test.
Test information with focus on the latest snapshot taken.
For specific scan results, you can also check your inbox for an email titled [snyk] Vulnerability alert.

Configure Automatic fix PR at the integration level

Configure Automatic fix PR on a specific Git repository you have already integrated with Snyk, such as GitHub.
The configuration settings apply to all Projects in that Organization. You can also extend the configuration to Projects with custom settings.
  1. Open Snyk Web UI and go to Settings > Integrations.
  2. Select a Git repository integration (SCM). For this example, GitHub is configured.
  3. Under Automatic fix PRs, enable Known vulnerabilities (backlog).
Automatic fix PRs settings for Git integration.
  4. Select the Fix Strategy for your Backlog PRs.
     • By default, the fix strategy is a single PR at the vulnerability level. Snyk opens a PR per day for issues in your backlog, fixing the top vulnerability it finds as described above.
     • Another option is checking the Fix all vulnerabilities for the same dependency in a single PR checkbox. This picks the vulnerability with the highest priority and suggests a bump that solves it, as well as other vulnerabilities in the same dependency.
  5. Save changes.
  6. (Optional) Select Save changes and apply to all overridden Projects to extend the current configuration to Projects with custom settings (see Configure Automatic fix PR at the integration level). Use this option to apply the same configuration to all Projects.
Enabling Automatic fix PRs can result in larger version jumps.
Fix all vulnerabilities for the same dependency in a single PR.
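To make the difference between the two fix strategies concrete, the following is an added model of the rules described on this page (it is example code, not Snyk's implementation): the 700-point priority threshold, one PR per Project, the 24-hour window that a manual Retest now marks as run, and the dependency-level strategy that bumps further to cover every backlog issue in the same package. Issue ids, package names and versions are constructed placeholders.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

PRIORITY_THRESHOLD = 700  # automatic PRs are created for priority score 700 and above only


@dataclass(frozen=True)
class BacklogIssue:
    vuln_id: str      # constructed placeholder id, not a real Snyk or CVE identifier
    dependency: str   # package the issue lives in
    priority: int     # Snyk priority score
    fixed_in: str     # constructed version that resolves this issue


def _version_key(version):
    return tuple(int(part) for part in version.split("."))


def plan_fix_pr(backlog, fix_all_in_dependency=False):
    """Return (dependency, target_version, issue ids) for the single daily PR,
    or None when nothing in the backlog meets the priority threshold."""
    eligible = [i for i in backlog if i.priority >= PRIORITY_THRESHOLD]
    if not eligible:
        return None
    top = max(eligible, key=lambda i: i.priority)
    if fix_all_in_dependency:
        # Beta strategy: cover every backlog issue in the same dependency. The
        # target version is the highest fix version needed, hence the larger jump.
        selected = [i for i in backlog if i.dependency == top.dependency]
    else:
        selected = [top]  # default strategy: one PR for the top vulnerability only
    target = max((i.fixed_in for i in selected), key=_version_key)
    return top.dependency, target, sorted(i.vuln_id for i in selected)


def automatic_pr_allowed(window_start, manual_retest_at):
    """24-hour window rule: a manual 'Retest now' inside the window started by the
    last automated scan marks it as run, so no automatic PR until the next scan."""
    window_end = window_start + timedelta(hours=24)
    if manual_retest_at is not None and window_start <= manual_retest_at < window_end:
        return False
    return True


# Constructed sample backlog and timestamps for the example run
SAMPLE_BACKLOG = [
    BacklogIssue("ISSUE-A", "example-http", 820, "2.3.1"),
    BacklogIssue("ISSUE-B", "example-http", 640, "2.5.0"),
    BacklogIssue("ISSUE-C", "example-yaml", 710, "1.8.2"),
]
SAMPLE_WINDOW_START = datetime(2024, 1, 1, 9, 0)
SAMPLE_MANUAL_RETEST = SAMPLE_WINDOW_START + timedelta(hours=3)
```

Running `plan_fix_pr(SAMPLE_BACKLOG)` selects only ISSUE-A with a bump to 2.3.1, while the dependency-level strategy also pulls in the sub-threshold ISSUE-B and therefore proposes 2.5.0.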

Configure Automatic fix PR at the Project level

You can configure Automatic fix PR to work only for specific Projects rather than inheriting the settings from the global integration. In this example, GitHub integration is used.
  1. Go to Projects, then expand the target containing your open source Project.
  2. Go to Settings > GitHub integration.
  3. Under the Automatic fix pull requests section:
     • Select Customize for only this project
     • Enable Known vulnerabilities (backlog)
  4. Select the Fix Strategy for your Backlog PRs as described in the Fix strategy step.
  5. Save changes.
Automatic fix PRs settings at the Project level.