Product Update - 7/21/2025

We’ve been busy shipping features that streamline remediation, deepen visibility, and expand language support. Here's what’s new in Heeler:

Package Supersedence

We tell you what to upgrade to—even when a package is obsolete. When a package is no longer maintained, Heeler now shows its superseding package. For example, remediations for log4j are now mapped to the actively maintained org.apache.logging.log4j.

Global Remediation

One place to manage all code and service remediations. Code and Service remediations are now unified in a single Dependency Remediations view. When linked to services, this view is automatically enriched with runtime context—giving you a complete picture of each remediation’s blast radius.

More updates are coming soon that will make this the central workspace for AppSec operations.

Guardrails - Now with Fixability

Turn policy violations into clear next steps. Vulnerability-based guardrails now include recommended upgrade versions and fixability assessments—so developers know exactly what to do and how much effort it will take.

Dependency Classification

Quickly understand what you’re working with. Dependencies are now classified as open source or first party, and as direct or transitive. This gives teams instant context on where a dependency came from and what it might affect—starting with Java and expanding to other languages soon.

Dependency Graph

See every path for a dependency. We’ve expanded our dependency visualization to show all paths in the dependency graph—crucial for understanding the full lineage of widely-used transitive libraries.

Bonus: We now embed full dependency paths directly into Jira remediation tickets.

Expanded Registry Support for First Party Libraries

Support for more registries—on-prem and in the cloud. Heeler now supports Java first-party library analysis from:

  • JFrog Artifactory

  • Sonatype Nexus Repository

  • GCP Artifact Registry

Artifactory and Nexus can also connect securely via the Broker for on-prem environments.

Static Ruby Analysis

Deep visibility into Ruby apps—no lockfile needed. Heeler now supports Ruby static dependency analysis even when lockfiles are missing, thanks to our build emulation engine.

We’ve also added API endpoint discovery for:

  • Ruby on Rails

  • Sinatra

  • Grape

Configure Jira at the Code Root

Smarter Jira routing from the source. You can now configure Jira Project, Team, and Ticket Type at the Code Root level. These settings automatically cascade to any linked services—no extra setup required in the Services tab.

Finding Mitigation Checks

Know exactly why a finding was deprioritized. Heeler now shows the specific mitigation checks detected for mitigated findings. We’ve also improved the visual status of each prioritization attribute, so you can triage faster and with confidence.

Improved Broker Status

Easier monitoring of your Broker health. We’ve enhanced the Broker status indicators to make it easier to understand what’s working and what needs attention:

  • Created (Grey): Broker created in the UI but not yet running

  • Ready (Yellow): Broker deployed and connected to Heeler (no registries yet)

  • Healthy (Green): Broker and all registry connections are working

  • Degraded (Orange): Broker is up but one or more registries are in error

  • Error (Red): All registry connections are in an unhealthy state
