Every persisted finding includes a unified-diff patch. Gecko can apply that patch for you, either as a new pull request or as a commit to the PR that introduced the issue.

Two fix paths

Fix PR on the default branch

For findings from a full scan, Gecko opens a branch (default prefix gecko/) with the patch applied and raises a pull or merge request for review.

Commit to an existing PR

For findings from a PR scan, Gecko can commit the fix directly to the PR’s head branch so the fix rides along with the change.

Request a fix

1. Open the finding's Fix tab

Review the proposed patch in the finding drawer.

2. Request the fix

Click Request fix. Gecko creates the branch and PR (or commits to the existing PR), with the change attributed to Gecko.

3. Review and merge

Treat it like any other PR: review the diff, run CI, and merge when you’re satisfied.

4. Let Gecko verify

After merge, Gecko rechecks the finding and marks it Fix verified once the vulnerability is gone.

Patch status

As a fix moves through your pipeline, the finding’s patch reflects where it is: generated → applied → merged → verified.
Configure the fix branch prefix and whether fixes are offered or committed automatically in Settings > Pull Requests. See PR checks.