Troubleshooting Open Source vulnerability fixing

Unable to open a Pull Request/Merge Request for issues found by Snyk

You don't get a Fix PR button for your Project whenever you import it from your Source Control tool or run a scan. Snyk only opens PR for direct dependencies.

If your Project has transitive dependencies that contain vulnerabilities, Snyk does not open PRs against them (see Fixing transitive dependencies).

Languages supporting Fix Pull Requests or Merge Requests

When integrations are created within Snyk where the user has read and write permissions from respective integrations, Snyk can provide Fix PRs or MRs for dependencies that may have a patch or an upgrade that will fix a vulnerability.

Snyk supports the creation of Fix Pull Requests (Fix PRs) or Merge Requests (MRs) for the following languages:

Maven
.Net
NPM
Python
Ruby
Yarn

PreviousDifferences in Open Source vulnerability counts across environments NextAutomatic and manual PRs with Snyk Open Source

Last updated 2 years ago

Was this helpful?