Configure Pull Request checks
Feature availability
PR Checks for Bitbucket Server integrations require Bitbucket Server version 7.4 and above, or Bitbucket Data Center version 8 or above. When using a brokered connection Snyk Broker version 4.206 and above is required.
Prerequisites for automated PR Checks
To check for open-source and licensing issues and code security, ensure that you have established the following:
You have the Group Admin role so you have access to all integration settings. See Member roles.
You have set up a Git repository integration. For help, see the Snyk Learn course Source code manager configuration.
Import a Project to have a working Git repository.
For code security (Snyk Code), meet all of the above conditions and then contact your Snyk representative to enable the feature for you.
PR Checks rely on webhooks from the SCM. Integration scope must include the ability to create webhooks.
A PR Check is counted as a test within your Organization's test count, including automatic checks of new commits in an open pull request. See What counts as a test. The number of tests allowed is determined by the pricing plans.
Types of Snyk scans supported
You can analyze the changed code with PR Checks as follows:
Snyk Code: Source code changes result in a vulnerability that exceeds a specified threshold. A full scan of the repository is done to determine if there are new vulnerabilities.
Snyk Open Source: Snyk analyzes dependency manifest or supported files for known security vulnerabilities that meet a threshold, such as exceeding severity, or checks to determine whether a fix is available.
Open Source license check: Snyk validates package licenses against the configured policy for license policy violations.
PR Checks also support all programming languages and frameworks supported by the Snyk Code and Open Source engines. For more information, see Supported languages, package managers, and frameworks.
How configuration of PR Checks works
You can configure PR Checks either at the Integration level for your Snyk Organization or for specific Snyk Projects in an Organization.
In your Organization, you can have multiple repository integrations, but the feature works only for those integrations that have PR Checks configured.
At the Project level, the settings are inherited from the integration by default, but you can configure custom settings.
Configure PR Checks at the integration level
Configure PR Checks for a specific Git repository you have already integrated with Snyk, such as a GitHub repository.
The configuration settings apply to all Projects in that Organization. You can also extend the configuration to Projects with custom settings.
In the Snyk Web UI, navigate to Settings > Integrations and select your connected source code manager to open the settings configuration.
To check for code issues, configure and save the following changes:
PR Checks that are configured to “Only fail when the issues found have a fix available” rely on Snyk FixPR support and, therefore, will not alert for projects in languages that do not support FixPR Checks.
A PR test is configured to be optional or blocking within your source control management platform, such as GitHub’s branch protection rules. To learn more on issue prevention, visit Phase 6: Rolling out the prevention stage.
If you cannot see the Code Analysis section, ensure that your user has the Group Admin role assigned and that the feature is enabled for Snyk Code. See the Prerequisites.
To check for open-source and licensing issues, configure and save the following changes:
When switched on, this will cause the PR check to fail when the PR introduces new vulnerabilities that are fixable by Snyk. PR checks will not fail on newly introduced vulnerabilities if Snyk is unable to fix them.
Either click Save to save the changes, select the Save dropdown and click Apply changes to all overridden Projects to extend the current configuration to Projects with custom settings. For more information, see Configure PR Checks at the Project level.
Configure PR checks at the Project level
You can configure PR checks to work only for specific Projects:
Navigate to Projects and expand the target containing your Project.
Click a Project name to open it. Based on the Project type, you can choose the following:
package.json to check for open-source and licensing issues.
Code analysis to check for security issues in your code.
Navigate to Settings.
On the left side, select your integration. For this example, GitHub has been integrated with Snyk.
Configure Project settings based on your Project type:
Configure for open source and licensing issues (click to expand)
In Snyk test for pull request select Custom to configure the settings.
Enable the option to fail the PR when open-source and licensing issues found in the proposed changes exceed your specified severity threshold.
Configure the following settings:
Update Snyk pull request settings to save changes.
Configure for code analysis (click to expand)
In Snyk Code for pull request select Custom to configure the settings.
Enable this option to fail the PR when the security issues found in the proposed changes exceed your specified severity threshold.
Configure the following settings:
Update Snyk pull request settings to save changes.
Last updated
Was this helpful?