Configure Pull Request Checks
Release status
PR Checks for Snyk Code are in Closed Beta and available only with Enterprise plans. If you want to set it up in your Organization, contact your Snyk account team.
Prerequisites for automated PR Checks
To check for open-source and licensing issues and code security, ensure that you have established the following:
You have the Group Admin role so you have access to all integration settings. See Member roles.
You have set up a Git repository integration. For help, see the Snyk Learn course Source code manager configuration.
You have imported a Project so that you have a working Git repository.
For code security (Snyk Code), meet all of the above conditions and then contact your Snyk representative to enable the feature for you.
PR Checks rely on webhooks from the SCM. Integration scope must include the ability to create webhooks.
A PR Check is counted as a test within your Organization's test count, including automatic checks of new commits in an open pull request. See What counts as a test. The number of tests allowed is determined by the pricing plans.
Types of Snyk scans supported
You can analyze the changed code with PR Checks as follows:
(Closed Beta) Snyk Code: Snyk checks whether source code changes result in a vulnerability that exceeds a specified threshold. A full scan of the repository is done to determine if there are new vulnerabilities.
Snyk Open Source: Snyk analyzes dependency manifest or supported files for known security vulnerabilities that meet a threshold, such as exceeding severity, or checks to determine whether a fix is available.
Open Source license check: Snyk validates package licenses against the configured policy for license policy violations.
PR Checks also support all programming languages and frameworks supported by the Snyk Code and Open Source engines. For more information, see programming language support for Snyk Code and Open Source.
How configuration of PR Checks works
You can configure PR Checks either at the Integration level for your Snyk Organization or for specific Snyk Projects in an Organization.
In your Organization, you can have multiple repository integrations, but the feature works only for those integrations that have PR Checks configured.
At the Project level, the settings are inherited from the integration by default, but you can configure custom settings.
Configure PR Checks at the integration level
Configure PR Checks for a specific Git repository you have already integrated with Snyk, such as a GitHub repository.
The configuration settings apply to all Projects in that Organization. You can also extend the configuration to Projects with custom settings.
In the Snyk Web UI, navigate to Settings > Integrations and select your connected source code manager to open the settings configuration.
To check for code issues, configure and save the following changes:
PR Checks that are configured to “Only fail when the issues found have a fix available” rely on Snyk FixPR support and, therefore, will not alert for projects in languages that do not support FixPR Checks.
If you cannot see the Code Analysis section, ensure that your user has the Group Admin role assigned and that the feature is enabled for Snyk Code. See the Prerequisites.
To check for open-source and licensing issues, configure and save the following changes:
Only fail for high or critical severity issues: Select additional failure conditions based on the severity threshold.
Only fail when the issues found have a fix available: Switch this condition on to make the PR check fail when the PR introduces new vulnerabilities that are fixable by Snyk. PR checks will not fail on newly introduced vulnerabilities if Snyk is unable to fix them.
Either click Save to save the changes, or select the Save dropdown and click Apply changes to all overridden Projects to extend the current configuration to Projects with custom settings. For more information, see Configure PR Checks at the Project level.
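The following added example (not Snyk code and not part of the original documentation) models how the two failure conditions described above narrow which newly introduced issues fail a check. The Issue fields, the issue IDs, the comparison against a baseline scan, and the assumption that both conditions must hold when both are switched on are illustrative assumptions.

```python
from dataclasses import dataclass

# Constructed data model: field names are assumptions, not Snyk's API schema.
@dataclass(frozen=True)
class Issue:
    issue_id: str
    severity: str   # "low", "medium", "high" or "critical"
    fixable: bool   # True when a fix is available for the issue

def failing_issues(baseline, pr_scan, high_or_critical_only=False, fixable_only=False):
    """Return the newly introduced issues that would fail the check."""
    known = {issue.issue_id for issue in baseline}
    # Only issues absent from the baseline count as introduced by the PR.
    new = [issue for issue in pr_scan if issue.issue_id not in known]
    if high_or_critical_only:
        new = [issue for issue in new if issue.severity in ("high", "critical")]
    if fixable_only:
        new = [issue for issue in new if issue.fixable]
    return new

def check_passes(baseline, pr_scan, **settings):
    """The check passes when no newly introduced issue meets the conditions."""
    return not failing_issues(baseline, pr_scan, **settings)

# Constructed sample scans: one pre-existing issue, two introduced by the PR.
BASELINE = [Issue("VULN-A", "high", True)]
PR_SCAN = BASELINE + [
    Issue("VULN-B", "critical", False),  # new, critical, no fix available
    Issue("VULN-C", "medium", True),     # new, medium, fix available
]

if __name__ == "__main__":
    for settings in (
        {},
        {"high_or_critical_only": True},
        {"fixable_only": True},
        {"high_or_critical_only": True, "fixable_only": True},
    ):
        failing = failing_issues(BASELINE, PR_SCAN, **settings)
        verdict = "FAIL" if failing else "PASS"
        print(settings, verdict, [issue.issue_id for issue in failing])
```

With both conditions switched on, the sample PR passes even though it introduces a critical issue, because that issue has no fix available and the fixable issue is below the severity threshold.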
Configure PR Checks at the Project level
You can configure PR Checks to work only for specific Projects:
Navigate to Projects and expand the target containing your Project.
Click a Project name to open it. Based on the Project type, you can choose the following:
package.json to check for open-source and licensing issues.
Code analysis to check for security issues in your code.
Navigate to Settings.
On the left side, select your integration. For this example, GitHub has been integrated with Snyk.
Configure Project settings based on your Project type: