Pull Request Experience
The Snyk Pull Request Experience reduces context switching by displaying additional information about the PR Check scan results in the pull request.
The following features are part of the Pull Request Experience:
Snyk PR Checks must be enabled. For more information, see Configure Pull Request Checks.
For the GitHub integration, a specific GitHub account needs to be set to open fix and upgrade PRs. The Personal Access Token (PAT) configured in this way is required by the Pull Request Experience to provide a consistent comment experience. See Opening fix and upgrade pull requests from a fixed GitHub account for more information.
For inline comments, the Code analysis PR checks setting needs to be enabled at the integration level. In the Snyk Web UI, under Settings > Integrations > Edit settings, verify that the option is enabled under Pull request status checks > Code analysis. If "Code analysis" is not visible, please reach out to your Snyk account team to enable Snyk Code for your account. If it is already enabled, check under Settings > Snyk Code to ensure it is turned on.
Release status
Issue Summary Comment for Snyk PR Checks is in Early Access.
The Issue Summary Comment feature adds a comment to each pull request, summarizing the latest PR Check results. The summary includes the type of checks performed and a breakdown of the findings by severity. Select View Details to access the PR Check details in the Snyk Web UI.
Release status
Inline Comments for Snyk PR Checks is in Early Access and available only for Snyk Code PR Checks.
The Inline Comments feature adds a detailed comment for each issue identified by the Snyk Code Pull Request Check. Each comment includes the severity level, the name and a short description of the issue, helpful links for further information, and, if applicable, the data flow.
This feature is limited to 10 inline comments per pull request. The Summary Comment displays a message if the cap is exceeded.
You can configure the Pull Request Experience at the Integration level for your Snyk Organization.
The Pull Request Experience is set up individually for each integration. If you have multiple integrations, you need to configure the Pull Request Experience separately for each one.
Configure the Pull Request Experience for one or more integrations in your Snyk Organization, for which PR Checks are also enabled.
In the Snyk Organization for which you want to activate and configure the Pull Request Experience, navigate to Settings > Integrations and select Edit settings for your connected source code manager to open the settings configuration.
Configure and save the following changes:
Enable issue summary comment: Enable this option to create an Issue Summary Comment on each pull request, which aggregates the PR Check results. If it is disabled, the entire Pull Request Experience is disabled.
Create comments for success cases: By default, an Issue Summary Comment is created even if no vulnerabilities are detected by the PR Check. Disable this option to stop creating Issue Summary Comments for non-failing PR Checks.
Enable inline comments: Enable inline comments to add a comment for each issue found by Snyk Code PR Check.
For the GitHub integration, configure opening fix and upgrade pull requests from a fixed GitHub account, by providing a Personal Access Token (PAT), which has write permissions or above to the repos monitored by Snyk. See Opening fix and upgrade pull requests from a fixed GitHub account for more information.
Snyk Pull Request Experience is in Early Access and therefore subject to changes and improvements based on your feedback.
Snyk will continuously update this section during the Early Access period as limitations are resolved and new ones are identified.
Support for Snyk Pull Request Experience is available for GitLab and Azure Repos with the following limitations:
The Data Flow section in the inline comments is not available.
Inline comments for vulnerabilities introduced outside of modified lines are unavailable for GitLab.
Inline comments for Code Analysis done using Snyk Local Code Engine are unavailable.
Support for Snyk Pull Request Experience is available for Brokered integrations with the following limitation: the Data Flow section in the inline comments is available only for GitHub, GitHub Cloud App, Bitbucket Cloud, and Bitbucket Connect App.