New Threshold Defaults for Automatic Fix Pull Requests


Back in November, we announced a significant enhancement to Snyk Automatic Fix Pull Requests, furthering our mission to design workflows that match different projects' needs.

Today, we're excited to announce the completion of this effort: setting a default threshold for any organization leveraging our auto-fixes that hasn't set one already.

Auto Fix Pull Request thresholds are configurable by either severity or score. We understand that in some projects, constantly fixing all vulnerabilities is extremely important, whereas in others, focusing on specific types boosts velocity. That's why we configured two types of rules for Automatic Fix Pull Requests:

  • by score (priority or risk score) - set a threshold from 0 to 1000

  • by severity - select among critical, high, medium or low

Starting today, June 5th, we're defaulting any organization that hasn't yet set a threshold to a risk score of 700. This is the general consensus amongst our early adopters and the value Snyk has seen most effectively reduce noise while still surfacing fixes for the most important vulnerabilities.

If you've already set thresholds, Snyk will not change your defaults. This option will also not influence our Backlog PR capability.


Ryan McMorrow | Product Lead, Remediation