GitHub Pull Requests
SOOS gives you the power to generate pull requests for GitHub QuickScans and/or scans initiated via GitHub Webhook. The pull request feature is only available for scans performed on non-lockfile manifests (see note below).
When certain issues (such as vulnerabilities) are identified in a scan, a pull request can be created by navigating to the Issues tab and expanding the issue details. Users will have the ability to select a vulnerability free version to include in the pull request. See more under Creating Tickets & Pull Requests.
SOOS-to-GitHub pull requests are not available for scans performed on lockfiles. As developers ourselves, we feel that lock files should be purposefully generated, meaning a human or CI system should be instructed to generate these using the package manager CLI at specific points in time. Lockfiles are complex and governed by numerous rules and decisions that are best left up to the package manager to determine.
