Configure Pull Request Checks

Release status

PR Checks for Snyk Code are in Closed Beta and available only for Enterprise plan users. If you want to set it up in your Organization, contact your Snyk account team. For more information, see Plans and Pricing.

Prerequisites for automated PR Checks

To check for open-source and licensing issues and code security, ensure that you have established the following:

PR Checks rely on webhooks from the SCM. Integration scope must include the ability to create webhooks.

A PR Check is counted as a test within your Organization's test count, including automatic checks of new commits in an open pull request. See What counts as a test. The number of tests allowed is determined by the pricing plans.

Types of Snyk scans supported

You can analyze the changed code with PR Checks as follows:

  • (Closed Beta) Snyk Code: Source code changes result in a vulnerability that exceeds a specified threshold. A full scan of the repository is done to determine if there are new vulnerabilities.

  • Snyk Open Source: Snyk analyzes dependency manifest or supported files for known security vulnerabilities that meet a threshold, such as exceeding severity, or checks to determine whether a fix is available.

  • Open Source license check: Snyk validates package licenses against the configured policy for license policy violations.

PR Checks also support all programming languages and frameworks supported by the Snyk Code and Open Source engines. For more information, see programming language support for Snyk Code and Open Source.

How configuration of PR Checks works

You can configure PR Checks either at the Integration level for your Snyk Organization or for specific Snyk Projects in an Organization.

  • In your Organization, you can have multiple repository integrations, but the feature works only for those integrations that have PR Checks configured.

  • At the Project level, the settings are inherited from the integration by default, but you can configure custom settings.

Configure PR Checks at the integration level

Configure PR Checks for a specific Git repository you have already integrated with Snyk, such as a GitHub repository.

The configuration settings apply to all Projects in that Organization. You can also extend the configuration to Projects with custom settings.

  1. In the Snyk Web UI, navigate to Settings > Integrations and select your connected source code manager to open the settings configuration.

  2. To check for code issues, configure and save the following changes:

If you cannot see the Code Analysis section, ensure that your user has the Group Admin role assigned and that the feature is enabled for Snyk Code. See the Prerequisites.

  1. To check for open-source and licensing issues, configure and save the following changes:

When switched on, this will cause the PR check to fail when the PR introduces new vulnerabilities that are fixable by Snyk. PR checks will not fail on newly introduced vulnerabilities if Snyk is unable to fix them.

  1. Either click Save to save the changes, select the Save dropdown and click Apply changes to all overridden Projects to extend the current configuration to Projects with custom settings. For more information, see Configure PR Checks at the Project level.

Configure PR Checks at the Project level

You can configure PR Checks to work only for specific Projects:

  1. Navigate to Projects and expand the target containing your Project.

  2. Click a Project name to open it. Based on the Project type, you can choose the following:

  • package.json to check for open-source and licensing issues.

  • Code analysis to check for security issues in your code.

  1. Navigate to Settings.

  2. On the left side, select your integration. For this example, GitHub has been integrated with Snyk.

  3. Configure Project settings based on your Project type:

Configure for open source and licensing issues (click to expand)
  1. In Snyk test for pull request select Custom to configure the settings.

  2. Enable the option to fail the PR when open-source and licensing issues found in the proposed changes exceed your specified severity threshold.

  3. Configure the following settings:

  1. Update Snyk pull request settings to save changes.

Configure for code analysis (click to expand)
  1. In Snyk Code for pull request select Custom to configure the settings.

  2. Enable this option to fail the PR when the security issues found in the proposed changes exceed your specified severity threshold.

  3. Configure the following settings:

  1. Update Snyk pull request settings to save changes.

Last updated

More information

Snyk privacy policy

© 2024 Snyk Limited | All product and company names and logos are trademarks of their respective owners.