PR Checks results
Results
After you submit a pull request to fix vulnerabilities, PR Checks detects issues with a severity level that meets or exceeds your configured threshold and provides a report. Examine the report status and result to decide on the pull request.
You can change the default severity threshold either at the Integration level, or at the Project level.
Result status
Check the status of the PR Checks results in the integrated SCM to identify security issues that need to be addressed before merging a pull request.
The following statuses can appear on your Snyk PR checks in the integrated SCM:
Success/Passed
No issues were discovered and the manifest file was not changed.
Pending
The PR Checks are still running.
Failed/Issues found
Security issues were identified in the pull request. In this scenario, you need to manually set the result status to Passed.
Error
The package.json and package.lock files are out of sync, or the manifest file could not be found or read.
Canceled
The test limit has been reached.
Example: fix dependency issues with PR Checks
Consider the following end-to-end scenario, which includes specific actions such as triggering a Fix PR and marking a Failed result as Passed. You take these actions based on the information that PR Checks provides. The steps of this scenario use a GitHub integration and are outlined as follows:
- Trigger a fix for an individual dependency issue to find and address vulnerabilities. 
- Open a Fix PR to open a pull request in GitHub. 
- Analyze PR Checks results and set status to merge the pull request. 
Trigger a fix for an individual dependency issue
- Log in to Snyk Web UI. 
- Go to Projects. 
- Expand the target containing your Project. 
- Click a Project name to open it and select package.json to check for open source and licensing issues. 
- In the Issues tab, find an individual issue card and select Fix this vulnerability. For this example, an Uninitialized Memory Exposure is selected. 

- (Optional) Select Fix these vulnerabilities at the top of the page to fix all dependency vulnerabilities with one pull request. 
Open a Fix PR
Confirm your selected issue and click Open a Fix PR to open a pull request in the GitHub integration.

Analyze PR Checks result and set status
- (Optional) Examine the pull request generated by Snyk Bot in the Conversation tab in GitHub. 
- Find the conversation card showing the PR Checks results. For this example, the result is set to Failed and is manually changed to Passed. 

- Click Details to open the list of files that have been checked for this issue. 
- (Optional) Click View test page to examine the issue details. You can get a complete picture of the vulnerability by clicking Show more detail, with technical security information and remediation options. To get back to the main issue page, click Project. 

- Select Mark as successful in SCM to change the result status and merge the pull request with failed security issues. 

Marking a vulnerability as successful does not ignore the issue but only allows the security checks for the PR to pass in this current branch. If the issue is not fixed, it shows up in future commits and PR Checks after you merge it with the target branch.
The issue is marked as Passed and shows up as Skipped in the PR Checks card in GitHub.

What's next?
To learn from an end-to-end example in Bitbucket, see the following Snyk Training course: Use Snyk to block builds in Bitbucket.

