Pull Request Experience

The Snyk Pull Request Experience reduces context switching by displaying additional information about the PR Check scan results in the pull request.

The following features are part of the Pull Request Experience:

• Issue Summary Comment

• Inline Comments

Prerequisites for the Snyk Pull Request Experience

• Snyk PR Checks must be enabled. For more information, see Configure Pull Request Checks.

• For the GitHub integration, a specific GitHub account needs to be set to open fix and upgrade PRs. The Personal Access Token (PAT) configured in this way is required by the Pull Request Experience to provide a consistent comment experience. See Opening fix and upgrade pull requests from a fixed GitHub account for more information.

• For inline comments, the Code analysis PR checks setting needs to be enabled at the integration level. In the Snyk Web UI, under Settings > Integrations > Edit settings, verify that the option is enabled under Pull request status checks > Code analysis. If "Code analysis" is not visible, please reach out to your Snyk account team to enable Snyk Code for your account. If it is already enabled, check under Settings > Snyk Code to ensure it is turned on.

Issue Summary Comment

The Issue Summary Comment feature adds a comment to each pull request, summarizing the latest PR Check results. The summary includes the type of checks performed and a breakdown of the findings by severity. Select View Details to access the PR Check details in the Snyk Web UI.

Inline Comments

The Inline Comments feature adds a detailed comment for each issue identified by the Snyk Code Pull Request Check. Each comment includes the severity level, the name and a short description of the issue, helpful links for further information, and, if applicable, the data flow.

Inline Comment Creation: Support Matrix

Inline comments are added directly to the specific file and line of code where the issue is found. Depending on the issue's position within the code and the SCM platform's capabilities, the ability to create an inline comment may be restricted. The table below outlines these limitations for different SCMs and issue locations:

Configure Pull Request Experience

You can configure the Pull Request Experience at the Integration level for your Snyk Organization.

Configure Pull Request Experience at the Integration level

Configure the Pull Request Experience for one or more integrations in your Snyk Organization, for which PR Checks are also enabled.

1. In the Snyk Organization you wish to activate and configure the Pull Request Experience for, navigate to Settings, Integrations and select Edit settings your connected source code manager to open the settings configuration.

2. Configure and save the following changes:

   1. Enable issue summary comment: Enable this option to create an Issue Summary Comment on each pull request, which aggregates the PR Check results. If it is disabled, the entire Pull Request Experience is disabled.

   2. Create comments for success cases: By default, an Issue Summary Comment is created even if no vulnerabilities are detected by the PR Check. Disable this option to stop creating Issue Summary Comments for non-failing PR Checks.

   3. Enable inline comments: Enable inline comments to add a comment for each issue found by Snyk Code PR Check.

For the GitHub integration, configure opening fix and upgrade pull requests from a fixed GitHub account, by providing a Personal Access Token (PAT), which has write permissions or above to the repos monitored by Snyk. See Opening fix and upgrade pull requests from a fixed GitHub account for more information.