Vulnerable third-party dependencies expose your project to known, publicly documented vulnerabilities. Jit integrates dependency checkers (Software Composition Analysis, or SCA, tools) into CI/CD to automatically scan the full code base and every new Pull Request.
Additional configuration is required to enable dependency scanning with npm-audit within a monorepo. For complete instructions, see Monorepo Support.
When Jit detects a vulnerable package, it searches for a newer version that is free from that vulnerability. If one is found, Jit recommends the specific version you should update to. These recommendations appear as guidance in the Pull Request.
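To make the version-selection step concrete, here is an added example (not Jit's code, and not the real npm-audit output format) of how a tool can pick the upgrade to recommend: take the advisory's vulnerable version range and the versions published for the package, then choose the lowest release that is newer than the installed one and outside the range, preferring a fix within the installed major so the recommendation does not pull in a breaking change unless nothing else is fixed. The package names, the simplified report layout and the version lists are constructed for the example.

```python
"""Pick the lowest non-vulnerable upgrade for each vulnerable dependency.

Added example, not Jit's implementation: the report layout below is a
simplified, constructed stand-in for an npm-audit-style finding, and the
version lists stand in for what a registry lookup would return.
"""
import re

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?$")
_COMPARATOR_RE = re.compile(r"^(<=|>=|<|>|=)?(\d+\.\d+\.\d+)$")


def parse_version(text):
    """Return (major, minor, patch), or None for prereleases and junk:
    a fix recommendation should point at a release, never a prerelease."""
    m = _VERSION_RE.match(text.strip())
    if not m or m.group(4):
        return None
    return tuple(int(x) for x in m.groups()[:3])


def in_range(version, range_expr):
    """True if `version` satisfies an advisory range such as '<4.17.21',
    '>=2.0.0 <3.0.0' or '<1.2.6 || >=2.0.0 <2.0.4'. Comparators in one
    alternative are ANDed, alternatives separated by '||' are ORed, and
    '*' means every version is affected (no fixed version is known)."""
    if range_expr.strip() == "*":
        return True
    ops = {"<": lambda a, b: a < b, "<=": lambda a, b: a <= b,
           ">": lambda a, b: a > b, ">=": lambda a, b: a >= b,
           "=": lambda a, b: a == b}
    for alternative in range_expr.split("||"):
        satisfied = True
        for comp in alternative.split():
            m = _COMPARATOR_RE.match(comp)
            if not m:
                raise ValueError(f"unsupported comparator: {comp!r}")
            op, bound = m.group(1) or "=", parse_version(m.group(2))
            if not ops[op](version, bound):
                satisfied = False
                break
        if satisfied:
            return True
    return False


def recommend_fix(installed, vulnerable_range, published):
    """Return {'version': str, 'breaking': bool} or None when no published
    release newer than `installed` escapes `vulnerable_range`.

    The lowest fixed release in the installed major wins; only if none
    exists is the lowest fixed release of a later major returned, flagged
    as breaking so the reviewer knows the fix PR needs more scrutiny."""
    cur = parse_version(installed)
    if cur is None:
        raise ValueError(f"installed version must be a release: {installed!r}")
    candidates = sorted(
        v for v in (parse_version(p) for p in published)
        if v is not None and v > cur and not in_range(v, vulnerable_range)
    )
    if not candidates:
        return None
    same_major = [v for v in candidates if v[0] == cur[0]]
    chosen = same_major[0] if same_major else candidates[0]
    return {"version": ".".join(map(str, chosen)), "breaking": not same_major}


def plan_upgrades(report, registry):
    """Map each vulnerable package in a simplified audit report to its
    recommendation (or None). `registry` maps package name to published
    versions; a real tool would query the package registry instead."""
    return {
        name: recommend_fix(finding["installed"], finding["range"],
                            registry.get(name, []))
        for name, finding in report["vulnerabilities"].items()
    }


# Constructed sample data (hypothetical packages, not real advisories).
SAMPLE_REPORT = {
    "vulnerabilities": {
        "pkg-a": {"installed": "4.17.15", "range": "<4.17.21"},
        "pkg-b": {"installed": "2.1.0", "range": ">=2.0.0 <3.0.0"},
        "pkg-c": {"installed": "1.0.0", "range": "*"},
    }
}
SAMPLE_REGISTRY = {
    "pkg-a": ["4.17.15", "4.17.19", "4.17.20", "4.17.21", "5.0.0"],
    "pkg-b": ["2.1.0", "2.2.0", "3.0.0-rc.1", "3.0.0", "3.1.0"],
    "pkg-c": ["1.0.0", "1.0.1"],
}

if __name__ == "__main__":
    for pkg, rec in plan_upgrades(SAMPLE_REPORT, SAMPLE_REGISTRY).items():
        if rec is None:
            print(f"{pkg}: no fixed version published; needs manual review")
        else:
            note = " (major bump, review for breaking changes)" if rec["breaking"] else ""
            print(f"{pkg}: upgrade to {rec['version']}{note}")
```

Two behaviours are worth noting for anyone wiring this into a pipeline: a package whose advisory range is `*` (or whose fix exists only as a prerelease) gets no recommendation rather than a guess, and a recommendation that crosses a major version is flagged so the developer reviewing the fix PR knows to check for breaking changes before merging.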
For some languages and package managers, Jit can auto-generate fix code that resolves the finding. Remediation is made available in two modes:
- Remediation in a Pull Request - In those cases, the suggested code is displayed in the PR itself, and the developer can accept it by clicking Commit suggestion.
- Remediation from the Actions page - In those cases, the user views the finding in the Jit Platform and clicks the Create a Fix PR button to generate a new Pull Request which introduces the fix code. In GitHub, the developer will review the newly created Pull Request and merge it to apply the fix.
The flow from the Actions page:
- In the Actions page, click Create a Fix PR; Jit opens a new Pull Request containing the fix code.
- In GitHub, review the newly created Pull Request.
- Merge it to apply the fix.