Fix your first vulnerability

Introduction

Recap You have viewed Snyk Projects and understood their vulnerabilities.

You can now start to resolve these vulnerabilities.

How can I resolve an issue?

When we open a Snyk Project file, we see the list of issues Snyk has found in this Project, and we can research each issue, using Snyk and other sources of information.

Different actions may be available for each vulnerability:

Fix the vulnerability immediately, by raising a Fix PR. See "Fix this vulnerability" function.
Ignore the vulnerability, permanently or temporarily. See Ignore the vulnerability.
Assign the vulnerability to research and fix (see Assign fix work and Fix your first vulnerability - deeper dive)

Snyk fix functions available depend on the vulnerability and the type of scanning.

"Fix this vulnerability" function

Reminder We use GitHub in this example, most other supported Git code repository integrations work in a similar way. See Git repository integrations (SCMs) for details.

For vulnerabilities in open-source libraries, Snyk provides an option to create a Pull Request (PR) to upgrade dependencies to the latest version of a package. This upgrade PR will fix the vulnerability, removing it from your code.

Access this function using the Fix this Vulnerability button on the issue card:

Click "Fix this vulnerability" to create a PR

Snyk then prompts you to confirm your vulnerability selection:

Your PR is selected by default, but you may wish to raise a PR to upgrade other libraries by selecting them

This list of all fixes may be overwhelming - you may only want to fix the vulnerability you’ve done the research on and know about.

Finally, click Open a fix PR at the bottom of that screen to generate a fix PR:

Generate the fix PR for your vulnerability

You can then manage this change as you would for any standard code PR in your development process.

More information

Docs: See Fixing vulnerabilities for an overview, and Fixing and prioritizing issues for more details.
Training: see Fix PRs.

Ignore the vulnerability

Snyk also provides an option to ignore a vulnerability, temporarily or permanently; for example, if we think it may not affect us, or if we think it’s a false positive. If you select to ignore a vulnerability, it doeSees not appear in subsequent scans for that Snyk Project.

Access this function using click Ignore button on the issue card:

More information

Docs: see Ignore issues
Training: see Ignore strategies

Fix issues for other types of scan

This example showed you how to apply a fix to an open-source vulnerability. Depending on what items you scan, you can use other Snyk products to resolve issues:

For scan items built into a container, such as a Docker file, see Analysis and fixes for your images from the Snyk Web UI.
For Kubernetes deployment files, terraform and other IaC files, see Using Snyk IaC with the Web UI.
To scan your team's own code, see Exploring the Fix analysis page.

What's next?

This example shows how to make a simple upgrade to a dependency, based on Snyk advice. Typically, fixes can be more complex than this.

Next, let's take a deeper dive into fixing a vulnerability in your code.

PreviousUnderstand your vulnerabilities NextFix your first vulnerability - deeper dive

Last updated 2 years ago

Was this helpful?