# Analyze PR checks results

## PR checks results

After you [submit a pull request to fix vulnerabilities](https://docs.snyk.io/scan-with-snyk/snyk-open-source/manage-vulnerabilities/fix-your-vulnerabilities), PR Checks detects issues with a severity level that meets or exceeds your configured threshold and provides a report. Examine the report status and result to decide whether to merge the pull request.

You can change the default severity threshold either at the [Integration level](https://docs.snyk.io/scan-with-snyk/pull-requests/configure-pull-request-checks#configure-pr-checks-at-the-integration-level), or at the [Project level](https://docs.snyk.io/scan-with-snyk/pull-requests/configure-pull-request-checks#configure-pr-checks-at-the-project-level).

## Result status

Check the status of the PR Checks results in the integrated SCM to identify security issues that need to be addressed before merging a pull request.

The following status indicators can appear for your Snyk PR checks in the integrated SCM:

<table><thead><tr><th width="212">Result status</th><th>Description</th></tr></thead><tbody><tr><td><strong>Success/Passed</strong></td><td>No issues were discovered and the manifest file was not changed.</td></tr><tr><td><strong>Pending</strong></td><td>The PR Checks are still running.</td></tr><tr><td><strong>Failed/Issues found</strong></td><td>Security issues were identified in the pull request. In this scenario, you need to manually set the result status to <strong>Passed</strong>.</td></tr><tr><td><strong>Error</strong></td><td>The package.json and package.lock files are out of sync, or the manifest file could not be found or read.</td></tr><tr><td><strong>Canceled</strong></td><td>The test limit has been reached.</td></tr></tbody></table>

{% hint style="info" %}
For false positive or false negative results, see [Troubleshooting PR Checks](https://docs.snyk.io/scan-with-snyk/pull-requests/pull-request-checks/troubleshoot-pr-checks).
{% endhint %}

## Example: fix dependency issues with PR checks

Consider the following end-to-end scenario, which includes specific actions such as triggering a Fix PR and marking a **Failed** result as **Passed**. You can take these actions based on the information that PR Checks provides. The example uses a [GitHub integration](https://docs.snyk.io/developer-tools/scm-integrations/organization-level-integrations/github) and follows these steps:

1. [Trigger a fix for an individual dependency](#trigger-a-fix-for-an-individual-dependency) to remediate that version's vulnerabilities.
2. [Open a Fix PR](#open-a-fix-pr) to open a pull request in GitHub.
3. [Analyze PR Checks results and set status](#analyze-pr-checks-result-and-set-status) to merge the pull request.

{% hint style="info" %}
Before you begin, check the [Prerequisites for automated PR Checks](https://docs.snyk.io/scan-with-snyk/pull-requests/configure-pull-request-checks#prerequisites-for-automated-pr-checks) to make sure you have Snyk configured and the role defined.
{% endhint %}

### Trigger a fix for an individual dependency

1. Log in to the Snyk Web UI.
2. Navigate to **Projects**.
3. Expand the target containing your Project.
4. Click a Project name to open it and select **package.json** to check for open-source and licensing issues.
5. In the **Issues** tab, find the dependency or specific vulnerability and, if a fix is available, click the **Upgrade to X.X.X** button at the bottom of the card and select **Fix this vulnerability**. For example, the jsonwebtoken package can be upgraded from version 0.4.0 to version 5.0.0, fixing a number of vulnerabilities.

<figure><img src="https://2533899886-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MdwVZ6HOZriajCf5nXH%2Fuploads%2Fgit-blob-0260b936fc04edc0b3bba8fffb215fc43f953a29%2FPR-checks-fix-dependencies-issue.png?alt=media" alt=""><figcaption><p>Updating a dependency to remediate the Authentication Bypass issue and others found in version 5.0.0.</p></figcaption></figure>

6. (Optional) Select **Fix these vulnerabilities** at the top of the page to fix all dependency vulnerabilities with one pull request.

### Open a Fix PR

Confirm your selected issue and click **Open a Fix PR** to open a pull request in the GitHub integration.

<figure><img src="https://2533899886-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MdwVZ6HOZriajCf5nXH%2Fuploads%2Fgit-blob-25cbbdc548060bebd0d2500c902f8ec6a96d11b8%2FPR-checks-triggering-fix-pr.png?alt=media" alt=""><figcaption><p>Triggering a Fix PR for an individual issue in the dependencies project</p></figcaption></figure>

### Analyze PR checks result and set status

1. (Optional) Examine the pull request generated by [Snyk Bot](https://docs.snyk.io/developer-tools/scm-integrations/organization-level-integrations/github#commit-signing) in the Conversation tab in GitHub.
2. Find the conversation card showing the PR Checks results. For this example, the result is set to **Failed** and is manually changed to **Passed**.

{% hint style="info" %}
Issues that have previously been ignored via the Snyk Web UI in the associated Open Source or code analysis Project are not flagged in these checks. This reflects [ignored issues](https://docs.snyk.io/manage-risk/prioritize-issues-for-fixing/ignore-issues) across feature branch PRs.
{% endhint %}

<figure><img src="https://2533899886-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MdwVZ6HOZriajCf5nXH%2Fuploads%2Fgit-blob-37cb370eb51122b661ef2524e87011fa1fa3c01f%2Fgithub-pr-checks-card.png?alt=media" alt="PR Checks card in the Conversations tab, GitHub."><figcaption><p>PR Checks card in the Conversations tab, GitHub</p></figcaption></figure>

3. Expand the list of files that have been checked for this issue.
4. (Optional) Click **View test page** to examine the issue details.\
   \
   You can get a complete picture of the vulnerability by clicking **Show more detail** for technical security information and remediation options.\
   \
   To return to the main issue page, click **Project**.

<figure><img src="https://2533899886-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MdwVZ6HOZriajCf5nXH%2Fuploads%2Fgit-blob-a7100cadee29d025d39a0952c5a63d8cbeb782c2%2Fresult_page_PR_Checks.png?alt=media" alt="Overview of PR Checks result."><figcaption><p>Overview of PR Checks result</p></figcaption></figure>

5. Click **Mark as successful in SCM** to change the result status and merge the pull request with failed security issues.

<figure><img src="https://2533899886-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MdwVZ6HOZriajCf5nXH%2Fuploads%2Fgit-blob-d55b1cbd282b2a38d92c48169708bc7b578e0357%2Fgithub-mark-result-successful.png?alt=media" alt="Marking PR Checks result as successful."><figcaption><p>Marking PR Checks result as successful</p></figcaption></figure>

{% hint style="warning" %}
Marking a vulnerability as successful does not ignore the issue; it only allows the security checks for the PR to pass in the current branch. If the issue is not fixed, it shows up in future commits and PR Checks after you merge it with the target branch.
{% endhint %}

The issue is marked as **Passed** and shows up as **Skipped** in the PR Checks card in GitHub.

## SCM integrations

### GitLab

Snyk sets the status on a merge request's latest pipeline based on scan results and the project's CI/CD configuration for merged results, merge requests, and branch pipelines. This feature blocks merge requests with security issues when the "Pipelines must succeed" [setting](https://docs.gitlab.com/user/project/merge_requests/auto_merge/#require-a-successful-pipeline-for-merge) is enabled.
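Because the blocking behavior depends on that GitLab setting, it helps to audit which projects actually have it enabled. The following is an added example, not code from Snyk or GitLab: it classifies project records in the shape returned by GitLab's `GET /api/v4/projects` using the `only_allow_merge_if_pipeline_succeeds` and `allow_merge_on_skipped_pipeline` attributes. The sample records are constructed, and treating a missing attribute as "unknown" is an assumption about responses to callers with limited access.

```python
import json

# Constructed sample: trimmed project objects in the shape returned by
# GitLab's GET /api/v4/projects. Paths and values are made up for illustration.
SAMPLE_PROJECTS = json.loads("""
[
  {"id": 101, "path_with_namespace": "acme/payments-api", "archived": false,
   "only_allow_merge_if_pipeline_succeeds": true,
   "allow_merge_on_skipped_pipeline": false},
  {"id": 102, "path_with_namespace": "acme/web-frontend", "archived": false,
   "only_allow_merge_if_pipeline_succeeds": false,
   "allow_merge_on_skipped_pipeline": null},
  {"id": 103, "path_with_namespace": "acme/batch-jobs", "archived": false,
   "only_allow_merge_if_pipeline_succeeds": true,
   "allow_merge_on_skipped_pipeline": true},
  {"id": 104, "path_with_namespace": "acme/legacy-portal", "archived": true,
   "only_allow_merge_if_pipeline_succeeds": false,
   "allow_merge_on_skipped_pipeline": false},
  {"id": 105, "path_with_namespace": "partner/shared-lib", "archived": false}
]
""")

GATE = "only_allow_merge_if_pipeline_succeeds"  # API name of "Pipelines must succeed"
SKIPPED = "allow_merge_on_skipped_pipeline"     # skipped pipelines count as success


def gate_verdict(project):
    """Classify one project by how firmly a failed pipeline blocks merging."""
    if project.get("archived"):
        return "n/a (archived)"
    if GATE not in project:
        # Assumption: the attribute is absent when the caller cannot read it.
        return "unknown"
    if not project[GATE]:
        return "not enforced"
    if project.get(SKIPPED):
        return "enforced, but skipped pipelines may merge"
    return "enforced"


def audit(projects):
    """Map each project path to its merge-gate verdict."""
    return {p["path_with_namespace"]: gate_verdict(p) for p in projects}


if __name__ == "__main__":
    for path, verdict in audit(SAMPLE_PROJECTS).items():
        print(f"{path:24} {verdict}")
```

Projects reported as "not enforced" can merge a request even when the pipeline status set from the scan results is failed.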

## Troubleshooting PR checks

[Troubleshooting PR Checks](https://docs.snyk.io/scan-with-snyk/pull-requests/pull-request-checks/troubleshoot-pr-checks) has more information on how to troubleshoot PR checks or how to restart them.
