Enable Snyk to regularly check your dependency health, recommend dependency upgrades and automatically submit PRs for upgrades on your behalf for a specific project.
Once configured, Snyk automatically creates PRs for all necessary dependencies as upgrades become available for the specific project.
Notes: These settings override any settings configured at the Integration level.
To configure automatic upgrade PRs for a specific project:
For use with Broker, your admin should first upgrade to v4.55.0.
Navigate to the organization for which you would like to enable automatic upgrade PRs and then click Projects.
Navigate to the relevant project and click the Settings cog .
From the Settings area, click on the integration settings from the left panel menu.
(Note: These settings only apply to integration for that one project)
From settings that load, scroll to the Automatic dependency upgrade pull requests and click Disabled.
From the options that appear:
Snyk creates PRs up to a maximum of 10 open simultaneously - per repo. To limit this number further, select the maximum number of PRs from the dropdown list. For further information about this, read more about how it works.
In the Dependencies to ignore field, enter the exact name of any dependencies that should not be handled as part of the automatic functionality. This field accepts only lower case letters.
Settings are saved. Every time Snyk scans this project now, it automatically submits upgrade PRs based on results. If a newer version is released for an existing Snyk upgrade PR or for an existing fix PR, the existing PR must be closed or merged before Snyk can raise a new PR.