Analyze PR Checks results
PR Checks results
After you submit a pull request to fix vulnerabilities, PR Checks detects issues with a severity level that meets or exceeds your configured threshold and provides a report. Examine the report status and result to decide whether to merge the pull request.
You can change the default severity threshold either at the Integration level, or at the Project level.
Result status
Check the status of the PR Checks results in the integrated SCM to identify security issues that need to be addressed before merging a pull request.
The following status indicators can appear for your Snyk PR checks in the integrated SCM:
| Result status | Description |
|---|---|
Success/Passed | No issues were discovered and the manifest file was not changed. |
Pending | The PR Checks are still running. |
Failed/Issues found | Security issues were identified in the pull request. In this scenario, you need to manually set the result status to Passed. |
Error | Out-of-sync package.json and package.lock files, failure to find or to read the manifest file. |
Canceled | The test limit has been reached. |
For false positive or false negative results, see Troubleshooting PR Checks.
Example: fix dependency issues with PR Checks
Consider the following end-to-end scenario, including specific actions such as triggering a Fix PR and marking a Failed result as Passed. You can take these actions in relation to the information provided by the PR Checks. This example shows taking the steps for a GitHub integration as follows:
Trigger a fix for an individual dependency issue to find and address vulnerabilities.
Open a Fix PR to open a pull request in GitHub.
Analyze PR Checks results and set status to merge the pull request.
Before you begin, check the Prerequisites for automated PR Checks to make sure you have Snyk configured and the role defined.
Trigger a fix for an individual dependency issue
Log in to the Snyk Web UI.
Navigate to Projects.
Expand the target containing your Project.
Click a Project name to open it and select package.json to check for open-source and licensing issues.
In the Issues tab, find an individual issue card and select Fix this vulnerability. For this example, an Uninitialized Memory Exposure is selected.
(Optional) Select Fix these vulnerabilities at the top of the page to fix all dependency vulnerabilities with one pull request.
Open a Fix PR
Confirm your selected issue and click Open a Fix PR to open a pull request in the GitHub integration.
Analyze PR Checks result and set status
(Optional) Examine the pull request generated by Snyk Bot in the Conversation tab in GitHub.
Find the conversation card showing the PR Checks results. For this example, the result is set to Failed and is manually changed to Passed.
Issues that have previously been ignored via the Snyk Web UI in the associated Open Source or code analysis Project are not flagged in these checks. This reflects ignored issues across feature branch PRs.
Click Details to open the list of files that have been checked for this issue.
(Optional) Click View test page to examine the issue details. You can get a complete picture of the vulnerability by clicking Show more detail, with technical security information and remediation options. To return to the main issue page, click Project.
Mark as successful in SCM to change the result status and merge the pull request with failed security issues.
Marking a vulnerability as successful does not ignore the issue but only allows the security checks for the PR to pass in this current branch. If the issue is not fixed, it shows up in future commits and PR Checks after you merge it with the target branch.
The issue is marked as Passed and shows up as Skipped in the PR Checks card in GitHub.
Troubleshooting PR Checks
Troubleshooting PR Checks has more information on how to troubleshoot PR Checks or how to restart them
What's next?
To learn from an end-to-end example in Bitbucket, see the following Snyk Learn course: Use Snyk to block builds in Bitbucket.
Last updated
