Troubleshoot fixing vulnerabilities with Snyk Open Source

When you find a vulnerability, you have the opportunity to report that vulnerability to Snyk. For details, see Disclosure of a vulnerability in an open-source package.

Unable to open a pull request or merge request for issues found by Snyk

When you import a Project, either through integration or by using the CLI, both CLI and SCM projects receive fix advice, while SCM projects additionally offer the option to open a Fix PR.

Snyk does not open PRs for transitive dependencies. For more information, see Fixing transitive dependencies.

Languages supported for Fix Pull Requests or Merge Requests

Snyk can generate Fix Pull Requests (Fix PRs) or Merge Requests (MRs) for dependencies that may have a patch or an upgrade that will fix a vulnerability.

Snyk supports creating Fix PRs or MRs for the following languages:

PreviousDifferences in Open Source vulnerability counts across environments NextBazel - a build and test tool

Last updated 2 days ago

Was this helpful?