© 2018-2024 | Open Text
Solve vulnerabilities using Pull Requests (PR)

OpenText Core SCA offers several solutions to tackle open-source vulnerabilities. Learn how to do it using Pull Requests (PR).

Last updated 4 days ago

Assume a repository has a large number of vulnerabilities. Going through each one and fixing them individually takes time. OpenText Core SCA can open a single pull request that solves many of them at once.

Support for Pull Requests

Currently, OpenText Core SCA only supports pull requests for certain package managers, and only for repositories integrated through the GitHub app, GitLab or Azure DevOps. For information about support for your package manager, see the language support page.

Solve multiple vulnerabilities using a Pull Request

Follow these steps to solve multiple vulnerabilities:

  1. In a repository, click Generate pull request to let the tool update your dependencies, solve vulnerabilities, and create a pull request.

  2. Click View generated fix to view the pull request.

  3. When the pull request is merged, you will notice a decrease in the number of vulnerabilities.

Set a commit message

Once you click the Pull Request button, a modal is displayed where you can set your own commit message. If you do not provide one, the default message is "Fix CVE-XXX" or "Bulk fix vulnerabilities", depending on the type of pull request being created.

Solve a single vulnerability using a Pull Request

It is possible to solve a specific vulnerability in a repository using a pull request, rather than multiple CVEs at once as in the example above.

Follow these steps to solve a specific vulnerability:

  1. In a repository, click the specific vulnerability you wish to remediate.

  2. In the CVE view, click the Open pull request button. You can see the vulnerable version(s) and the proposed change.

  3. Click Confirm to execute the changes.

When a pull request is created, a new branch is created with it, and this branch can be viewed in the web tool. If the pull request is rejected and the branch is deleted, the branch is still shown in the web tool, even after a re-scan of the repository, because it is still in the database. This data is pruned only after 30 days.
