How do I solve a vulnerability using a Pull Request (PR)?

  • 13 January 2023
  • 0 replies
  • 20 views

Assume we have a repository with loads of vulnerabilities. It will take time to go through each one of them and potentially fix them. Luckily, Debricked offers the ability to open a pull request where it tries to solve as many vulnerabilities as possible at once.

 

Support for pull requests

Currently, we only support pull requests for certain package managers and integrations using the GitHub app, GitLab or Azure DevOps. For information regarding the support of your package manager, check out our language support.

 

Using the UI

  1. In a repository, click on "Generate pull request" to let the tool update your dependencies, in order to solve vulnerabilities, and create a pull request for you.

  2. When the pull request is created, you can view in by clicking "View generated fix".

  3. When the pull request is merged, you will notice a decrease in the number of vulnerabilities.

 

Set a commit message

Once you press the "Pull Request" button, a new modal is displayed where it is possible to set your own commit message. If you choose not to provide a message, by default the message will be "Fix CVE-XXX" or "Bulk fix vulnerabilities", depending on the type of Pull Request that is created. 

 

Solve a single vulnerability using PRs

It is possible to solve a specific vulnerability in a repository using pull requests, instead of multiple CVEs at once as in the example above.

 

These are the steps for solving a specific vulnerability:

  1. In a repository, click on the specific vulnerability you wish to remediate.

  2. In the CVE view, click the "Open pull request" button. You can see the vulnerable version(s) and the proposed change.

  3. Click on confirm to execute the changes.

 


0 replies

Be the first to reply!

Reply