Project Remediation Advice

Remediate vulnerabilities

Snyk's knowledge of the transitive dependencies in your project makes it easy for Snyk to offer remediation advice. Snyk can fix vulnerabilities in two ways: it can upgrade the direct dependencies to a vulnerability-free version, or it can patch the vulnerability.
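The following worked example is added for this workshop and is not Snyk's own code; it illustrates the "upgrade the direct dependency" remediation described above. Because the fix tool knows which transitive versions each release of a direct dependency pulls in, it can pick the lowest direct upgrade whose tree no longer contains a vulnerable transitive, then rewrite that dependency's version in pom.xml (the shape of a Snyk fix PR). The dependency names, versions, vulnerable range and sample pom.xml below are all constructed placeholders, not real packages or advisories.

```python
"""
Added example (not Snyk's code): recommend a direct-dependency upgrade that
removes a vulnerable transitive dependency, then apply it to a pom.xml.
All package names, versions and the vulnerable range are constructed.
"""
from xml.etree import ElementTree as ET

POM_NS = "http://maven.apache.org/POM/4.0.0"


def parse_version(v):
    """'2.4.1' -> (2, 4, 1) so versions compare numerically, not lexically."""
    return tuple(int(p) for p in v.split("."))


# Constructed dependency graph: each release of the direct dependency
# "acme:web-lib" and the transitive "acme:html-util" version it pulls in.
TRANSITIVE_DEPS = {
    ("acme:web-lib", "1.0.0"): {"acme:html-util": "2.1.0"},
    ("acme:web-lib", "1.1.0"): {"acme:html-util": "2.2.0"},
    ("acme:web-lib", "1.2.0"): {"acme:html-util": "2.4.1"},
    ("acme:web-lib", "2.0.0"): {"acme:html-util": "3.0.0"},
}

# Constructed advisory (placeholder): html-util versions below 2.4.0 are
# vulnerable; 2.4.0 is the first fixed release.
FIRST_FIXED = {"acme:html-util": "2.4.0"}


def is_vulnerable(pkg, version):
    fixed = FIRST_FIXED.get(pkg)
    return fixed is not None and parse_version(version) < parse_version(fixed)


def vulnerable_transitives(direct, version):
    """Vulnerable (package, version) pairs pulled in by direct@version."""
    tree = TRANSITIVE_DEPS.get((direct, version), {})
    return [(p, v) for p, v in tree.items() if is_vulnerable(p, v)]


def recommend_upgrade(direct, current):
    """Lowest release of `direct` above `current` whose tree is clean, else None."""
    candidates = sorted(
        (v for d, v in TRANSITIVE_DEPS
         if d == direct and parse_version(v) > parse_version(current)),
        key=parse_version,
    )
    for v in candidates:
        if not vulnerable_transitives(direct, v):
            return v
    return None


def _find_direct_dependency(root, group_id, artifact_id):
    ns = {"m": POM_NS}
    for dep in root.findall("m:dependencies/m:dependency", ns):
        if (dep.findtext("m:groupId", namespaces=ns) == group_id
                and dep.findtext("m:artifactId", namespaces=ns) == artifact_id):
            return dep
    return None


def plan_fix(pom_xml, group_id, artifact_id):
    """Current version, vulnerable transitives and recommended upgrade for one direct dep."""
    root = ET.fromstring(pom_xml)
    dep = _find_direct_dependency(root, group_id, artifact_id)
    if dep is None:
        return None
    current = dep.findtext("m:version", namespaces={"m": POM_NS})
    direct = f"{group_id}:{artifact_id}"
    return {
        "current": current,
        "vulnerable": vulnerable_transitives(direct, current),
        "upgrade": recommend_upgrade(direct, current),
    }


def bump_pom_dependency(pom_xml, group_id, artifact_id, new_version):
    """Return pom.xml text with the direct dependency's <version> set to new_version."""
    ET.register_namespace("", POM_NS)  # keep the default xmlns on output
    root = ET.fromstring(pom_xml)
    dep = _find_direct_dependency(root, group_id, artifact_id)
    if dep is None:
        raise KeyError(f"{group_id}:{artifact_id} is not a direct dependency")
    dep.find("m:version", {"m": POM_NS}).text = new_version
    return ET.tostring(root, encoding="unicode")


# Constructed sample pom.xml declaring the vulnerable direct dependency.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>example</groupId>
  <artifactId>spc-demo</artifactId>
  <version>0.1.0</version>
  <dependencies>
    <dependency>
      <groupId>acme</groupId>
      <artifactId>web-lib</artifactId>
      <version>1.1.0</version>
    </dependency>
  </dependencies>
</project>
"""

if __name__ == "__main__":
    plan = plan_fix(SAMPLE_POM, "acme", "web-lib")
    print("current:", plan["current"], "vulnerable:", plan["vulnerable"],
          "upgrade to:", plan["upgrade"])
    print(bump_pom_dependency(SAMPLE_POM, "acme", "web-lib", plan["upgrade"]))
```

Note the choice of the lowest clean release rather than the latest: a fix PR that jumps a major version (2.0.0 here) is more likely to break the build, so the smallest upgrade that clears the advisory is the one a reviewer can merge with the least risk.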

Snyk supports the following workflows to help developers remediate their vulnerabilities.

  1. Snyk generates automatic git pull requests (PRs) using GitHub, GitLab, or Bitbucket PR workflows. Snyk executes this as a nightly workflow.

  2. Snyk users use the Open a fix PR feature in the Snyk UI.

  3. Snyk users use the fix this vulnerability feature on a specific issue card in the Snyk UI.

For more details on remediation using Snyk, please see the Snyk documentation.

In this workshop, we will perform the fix this vulnerability option.

Generating automatic pull requests

Snyk generates automatic pull requests for your projects using the source control integration associated with your organization. To check the setting, select the Integrations tab at the top of the Snyk UI and select your source control repository. Click the gear icon for your source control and review the settings. This setting can be configured on a per-project basis or for an entire organization.

This setting should already be enabled from our initial configuration of GitHub.

Snyk will issue PRs for your projects when they are ready. You can view the PRs in GitHub (GitLab and Bitbucket have similar views) by selecting the Pull Requests tab at the top of the git repository. Keep in mind that Snyk generates PRs overnight, and that separate pull requests are created for different dependencies.

Given enough time, Snyk will generate a PR for the SPC project.

Open a fix PR

The Snyk UI offers the ability to create pull requests directly from the project. To generate a PR, find your SPC project in the list of projects and select the pom.xml file.

Select Open a fix PR and Snyk will start the workflow to generate a PR for SPC. Before sending the PR to GitHub, the Snyk UI shows you what the PR will fix, any partial fixes, and anything that will not be fixed. Submit the PR to GitHub and visit your GitHub repository's Pull Requests tab to view the pull request.

Fix this vulnerability

Snyk's fix this vulnerability workflow is the same as the Open a fix PR workflow, except that only the specified vulnerability issue is selected in the generated PR, as shown below. Find the Cross-site Scripting (XSS) vulnerability and start the PR workflow.

Verify the issue is selected and complete the PR request.