Security Advisory Enricher
Example prompt: "When a Dependabot alert is created on any of our GitHub repos, look up the CVE details, assess whether it affects our production code paths, and create a Linear issue with the severity, affected packages, and recommended fix — then ping #security on Slack."
How to automate security advisory triage with GloriaMundo
The Problem
Dependabot and similar tools generate vulnerability alerts, but the alerts themselves are often bare — a CVE ID, an affected package version, and a generic severity rating. An engineer still has to look up the CVE, read the advisory, work out whether the vulnerable code path is actually reachable in their application, decide on a priority, and create a ticket. When a project has dozens of dependencies, these alerts pile up and the low-signal ones drown out the genuinely urgent ones. The result is either alert fatigue or a backlog of unreviewed security issues.
How GloriaMundo Solves It
We build a workflow triggered by a GitHub webhook when a new Dependabot alert is created. A web search step looks up the CVE on public vulnerability databases to pull in the full advisory description, affected versions, and any known exploits. An LLM step analyses the vulnerability in the context of your stack — considering the package's role, whether it is a direct or transitive dependency, and the type of exposure (network-facing vs. internal tooling) — and assigns a contextual priority (critical, high, medium, or low).

A conditional step routes the alert based on that priority. For medium-and-above issues, an integration step creates a Linear issue with the CVE summary, affected package, contextual severity, and a recommended remediation path, and a follow-up integration step posts a concise alert to #security on Slack. For low-priority advisories, the workflow still creates a Linear issue tagged "low-priority" or "snoozed" — carrying comparable analysis data (CVE ID, affected package, contextual rationale, and alert metadata) — but skips the Slack notification, so nothing is silently dropped and the analysis remains available for re-evaluation later.

Glass Box preview shows the enrichment analysis and the proposed issue before anything is created, so you can override the priority if needed.
Example Workflow Steps
- Trigger (webhook): Fires when a new Dependabot vulnerability alert is created on a GitHub repository.
- Step 1 (web_search): Look up the CVE ID on public vulnerability databases to retrieve the full advisory, CVSS score, and known exploit status.
- Step 2 (LLM): Analyse the vulnerability in context — package role in the stack, direct vs. transitive dependency, exposure surface — and assign a contextual priority with a short rationale.
- Step 3 (conditional): Branch on the contextual priority. Low-priority advisories take the audit branch; medium-and-above take the active branch.
- Step 4a (integration, active branch): For medium-and-above, create a Linear issue containing the CVE summary, affected package and versions, contextual priority, and recommended remediation steps.
- Step 4b (integration, audit branch): For low-priority, create a Linear issue tagged "low-priority" or "snoozed" with comparable analysis data — CVE ID, affected package, contextual rationale from the LLM step, and alert metadata — so the analysis is preserved for future re-evaluation.
- Step 5 (integration): For medium-and-above only, post a brief alert to #security on Slack with the CVE ID, priority, and a link to the Linear issue.
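A deterministic stand-in for Steps 2 to 5 above, added here as an example and not part of GloriaMundo's own workflow engine: the alert fields, the CVE id used in testing and the rule-based scorer that replaces the LLM step are all constructed assumptions, chosen so the routing logic can be exercised offline.

```python
from __future__ import annotations
from dataclasses import dataclass

@dataclass
class Alert:
    """Enriched alert: webhook fields plus what the advisory lookup (Step 1) adds."""
    cve_id: str
    package: str
    vulnerable_range: str
    cvss: float           # base score from the advisory
    direct: bool          # direct (True) vs. transitive (False) dependency
    exposure: str         # "network" for network-facing code, "internal" for tooling
    exploit_known: bool   # known exploit status from the lookup

def contextual_priority(a: Alert) -> tuple[str, str]:
    """Rule-based stand-in for the LLM step (Step 2): returns (priority, rationale).
    Starts from CVSS and adjusts for exploit status, exposure and dependency kind."""
    score = a.cvss
    reasons = [f"CVSS {a.cvss}"]
    if a.exploit_known:
        score += 1.5
        reasons.append("known exploit")
    if a.exposure == "network":
        score += 1.0
        reasons.append("network-facing")
    else:
        score -= 1.0
        reasons.append("internal tooling")
    if not a.direct:
        score -= 1.0
        reasons.append("transitive dependency")
    for threshold, label in ((9.0, "critical"), (7.0, "high"), (4.0, "medium")):
        if score >= threshold:
            return label, "; ".join(reasons)
    return "low", "; ".join(reasons)

def route(a: Alert) -> dict:
    """Steps 3-5: always create a Linear issue; notify Slack only for medium-and-above."""
    priority, rationale = contextual_priority(a)
    issue = {
        "title": f"[{priority}] {a.cve_id} in {a.package}",
        "affected": f"{a.package} {a.vulnerable_range}",
        "priority": priority,
        "rationale": rationale,
        # Audit branch keeps the issue so nothing is silently dropped.
        "labels": ["low-priority"] if priority == "low" else ["security"],
    }
    slack = None if priority == "low" else f"{a.cve_id} ({priority}) in {a.package}: see Linear issue"
    return {"issue": issue, "slack": slack}
```

The thresholds and adjustments are illustrative; in the real workflow the LLM step supplies the priority and rationale, and the Glass Box preview is where a reviewer overrides it.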
Integrations Used
- GitHub — source of Dependabot vulnerability alerts
- Linear — receives the enriched, prioritised security issue
- Slack — notifies the security channel of medium-and-above vulnerabilities
Who This Is For
Engineering teams and security-conscious developers who receive a steady stream of dependency vulnerability alerts and need a way to triage them efficiently without ignoring them entirely.
Time & Cost Saved
Manually triaging a vulnerability alert — looking up the CVE, reading the advisory, assessing relevance, and creating a ticket — takes 10-20 minutes per alert. A moderately active project might see 5-10 alerts per week. This workflow handles the research and triage automatically, reducing the human effort to reviewing the enriched issue and deciding on a fix. That is roughly 1-3 hours per week of triage work saved. Each run uses web search, LLM, conditional, and integration steps.