Agent

Dependency vulnerability auto-remediation (auto-PRs)

The Dependency vulnerability agent helps you stay ahead of CVEs by triaging dependency scanning alerts and automatically generating the work needed to remediate them—either by opening upgrade PRs or creating prioritized tickets with clear owners and SLA deadlines.

What the agent does

When new vulnerabilities are detected, the SecureSlate agent can:

  1. Ingest alerts from GitHub (Dependabot) or GitLab dependency scanning.
  2. Classify severity (Critical/High/Medium/Low) and affected packages.
  3. Deduplicate and group related findings (same package across repos).
  4. Create remediation work:
    • Open a PR with safe version upgrades (when possible), or
    • Create tickets (Jira/Linear/ClickUp) with priority + due dates.
  5. Track status until merged/closed and update the corresponding test.

Run auto-remediation

  1. Open the failing vulnerability-related test (or the security findings view).
  2. Click Auto Fix on the "SecureSlate AI can fix this" card.
  3. Choose the remediation mode: PR-first or Ticket-first.

Review and approve

You can review:

  • Affected repos and dependency files (for example package-lock.json, go.mod, requirements.txt)
  • Upgrade plan (target versions, breaking-change risk)
  • Proposed tickets (priority, owner, SLA deadline)

Then choose:

  • Approve — The agent opens PRs and/or creates tickets and links evidence.
  • Reject — Close without changes.

Common policies you can enforce

  • SLA by severity (for example Critical: 7 days, High: 14 days)
  • PRs for patch/minor only; tickets for major upgrades
  • Owner routing by repo codeowners or team mapping
  • Auto-escalation when deadlines are breached
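To make this routing policy concrete, here is an added example (not SecureSlate's own code) that takes constructed sample alerts, groups them by package across repos, keeps the highest severity per group, routes patch/minor bumps to a PR and major bumps to a ticket, and assigns an SLA due date. The alert field names and the Medium/Low SLA windows are assumptions.

```python
from collections import defaultdict
from datetime import date, timedelta

# SLA window per severity: Critical/High follow the policy example above;
# Medium/Low windows are assumed values for illustration.
SLA_DAYS = {"Critical": 7, "High": 14, "Medium": 30, "Low": 90}
SEVERITY_RANK = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}
BUMP_RANK = {"patch": 0, "minor": 1, "major": 2}

# Constructed sample alerts (hypothetical package names, not real CVEs).
# The field names are an assumption about the normalized alert shape.
SAMPLE_ALERTS = [
    {"repo": "api", "package": "examplelib", "current": "4.17.15", "fixed": "4.17.21", "severity": "High"},
    {"repo": "web", "package": "examplelib", "current": "4.17.19", "fixed": "4.17.21", "severity": "Critical"},
    {"repo": "api", "package": "otherlib", "current": "3.2.0", "fixed": "4.2.0", "severity": "High"},
]


def bump_kind(current: str, target: str) -> str:
    """Classify a semver upgrade as 'patch', 'minor' or 'major'."""
    cur = [int(p) for p in current.split(".")]
    tgt = [int(p) for p in target.split(".")]
    if tgt[0] != cur[0]:
        return "major"
    if tgt[1] != cur[1]:
        return "minor"
    return "patch"


def plan_remediation(alerts, today_iso: str):
    """Group alerts by (package, fixed version), keep the worst severity per group,
    route patch/minor bumps to a PR and major bumps to a ticket, and set the SLA due date."""
    today = date.fromisoformat(today_iso)
    groups = defaultdict(list)
    for a in alerts:
        groups[(a["package"], a["fixed"])].append(a)
    items = []
    for (package, fixed), group in groups.items():
        severity = min((a["severity"] for a in group), key=SEVERITY_RANK.__getitem__)
        # The most disruptive bump across repos decides PR vs ticket for the whole group.
        bump = max((bump_kind(a["current"], fixed) for a in group), key=BUMP_RANK.__getitem__)
        items.append({
            "package": package,
            "target": fixed,
            "severity": severity,
            "repos": sorted({a["repo"] for a in group}),
            "bump": bump,
            "action": "ticket" if bump == "major" else "pr",
            "due": (today + timedelta(days=SLA_DAYS[severity])).isoformat(),
        })
    # Highest severity first, so Critical items surface at the top of the review.
    return sorted(items, key=lambda i: SEVERITY_RANK[i["severity"]])
```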

Last updated: June 2, 2026
