Snyk Pull or Merge Requests

In addition to fixing advice, Snyk can automatically create pull requests (PRs) on your behalf to upgrade your dependencies based on the scan results. To create PRs automatically in implementations with Snyk Broker, your administrator should first upgrade to v4.55.0 or later.

Snyk provides actionable fix advice for vulnerabilities in your Open Source libraries through the following:

Automated Snyk PRs

For Projects imported through an SCM integration, Snyk offers the following types of automated pull and merge requests:

Manual Snyk PRs

Follow these steps to generate a PR or MR directly from your Project in the Snyk Web UI:

  1. Navigate to your Project from the Project list

  2. Select the Project.

  3. Select Open a Fix PR/MR or Fix this vulnerability. A preview screen appears, showing you what fixes will be applied.

  4. Click Open a Fix PR on this screen to generate the pull request.

Reviewing the Snyk PRs

After Snyk submits a pull request on your behalf, you can view the pull request and all related details directly from the relevant repository.

To quickly review the pull request, hover over it. You can see the recommended upgrade and other pull request summary details:

Open the pull request to view in-depth details, including package release notes and vulnerabilities included in the recommended upgrade.

Click the Issue link from the table to view all details for the specified vulnerability directly from the Snyk database.

After you have reviewed the pull request, you can approve the merge.

Snyk SCM webhooks

To track pull request events, Snyk adds webhooks to your imported repositories. For more information, see the GitHub and Git repository integrations.

Snyk uses these webhooks to:

  • Track the state of Snyk pull requests: when PRs are triggered, created, updated, merged, and so on.

  • Send push events to trigger PR checks.

Last updated

Was this helpful?