Fix your vulnerabilities

Snyk helps you to fix vulnerabilities by upgrading the direct dependencies to a vulnerability-free version or by patching the vulnerability. After Snyk scans your Projects, the scan results allow you to resolve issues in your code with the help of clear suggestions and explanations.

Using Snyk Open Source, you can do the following:

View scan results on the Snyk Web UI

From Snyk Open Source, for each tab, both upgrade and patch, in the fix advice area of your Project details, results are displayed as follows:

  • The total number of packages that can be fixed is displayed in the tab title.

  • Groups of vulnerabilities by package are shown, labeled by the upgrade or fix that is recommended.

  • Packages are listed and can be expanded to show the full list of vulnerabilities affecting the package.

  • All the vulnerabilities found in your dependencies are displayed further down the page, together with contextual information that can help you prioritize the issues and start fixing them if required.

View Fix Advice

The Fix Advice area appears on the Project details page. Snyk offers you one of these solutions:

  • An upgrade to the original package.

  • Pinning a package, installing a package as a top-level dependency; that is, a specific version of an indirect dependency. This avoids having a direct dependency pull in a vulnerable version.

  • A Snyk precision patch to fix the issue. If an upgrade to fix any of the vulnerabilities in the package is not currently available, Snyk offers patches to fix the issues

The summary area groups advice by package, and is displayed based on the best available fix. Advice in these summary lists includes these details for each package:

  • All vulnerability names and severity details affecting that package

  • The recommended fix, a link to the recommended fix for this package and its listed vulnerabilities: either the specific version to which to upgrade or the name of the patch

You can also find additional advice and details further down on the Project details page:

  • From the Issues, tab, a full description per vulnerability

  • From the Dependencies tab, the entire tree of your Project dependencies, enabling you to clearly visualize affected paths

Fixing vulnerabilities based on scan results using Snyk CLI

For information about fixing vulnerabilities, see Fix vulnerabilities using the Snyk CLI.

Apply fixes

To apply fixes, you can:

Automatic Fix PRs When a new fixable vulnerability is found, Snyk can attempt to open a new pull request automatically. See Automated pull request creation for new fixes for details.

Last updated

More information

Snyk privacy policy

© 2024 Snyk Limited | All product and company names and logos are trademarks of their respective owners.