You can scan your open-source libraries using Snyk Open Source:

Prerequisites for using Snyk Open Source in the Web UI

Before scanning your open-source libraries with Snyk Open Source, ensure you have completed the quickstart steps.

View vulnerabilities in your open-source libraries

You can view vulnerability results for imported Projects. The Projects page appears by default after import, showing vulnerability information for the Snyk Projects you have imported, grouped into Targets, that is, the repositories you have scanned.

You can expand a Target to see vulnerability information for Projects, including the number of issues found, grouped by severity level.

Click a Project to open the issues page for that Project, where you will see the issue cards, showing the module where each issue was introduced, how to fix it, and more details about the vulnerability itself.

Fix vulnerabilities in your open-source libraries

For some languages, Snyk can fix vulnerabilities using fix pull/merge requests. For more information, see Automatic and manual PRs with Snyk Open Source.

Navigate to the Issues card for a Project:

To fix vulnerabilities:

  1. Click Fix this vulnerability to open a fix PR for this issue; click Fix these vulnerabilities to fix multiple issues.

  2. The Open a Fix PR screen opens, displaying the selected vulnerabilities.

  3. Check the issues you want to fix, and uncheck any you want to remove from this fix.

  4. Scroll to the bottom of the screen and click Open a Fix PR.

  5. Snyk acts on the PR and displays a results screen.

  6. Optionally, select the Files changed tab to see details of the changes made.

