Security
Security Overview
The Security Overview offers a focused, near real-time snapshot of your organization’s security posture. It highlights trends from the past four weeks and upcoming remediation deadlines in the next four weeks, helping you stay ahead of risk.
From this overview, you can drill down directly into filtered views of specific remediations or findings for deeper investigation and action.
Key Capabilities:
New Findings - Track newly introduced or newly surfaced vulnerabilities detected within the past four weeks.
Due Findings - Identify findings approaching their SLO deadlines in the next four weeks, helping teams prioritize remediation efforts.
Fixed Findings - Review vulnerabilities resolved in the past four weeks, categorized by priority or exploitability.
Mean Time to Fix (MTTR) - Monitor average remediation times by Heeler risk priority and evaluate progress toward your SLO targets.
SLO Adherence - Measure how well remediations are aligning with established SLOs, distinguishing those completed within vs. beyond their defined timelines.
New Findings Trend - Visualize weekly trends in new vulnerabilities over the last four weeks, segmented by Heeler risk priority.
Fixed Findings Trend - Track weekly remediation progress over the last four weeks, segmented by Heeler risk priority, to gauge momentum and team performance.
Guardrail Violations - Analyze recent activity to understand where guardrails were bypassed and identify teams or workflows that may need reinforcement.
Findings Prevented by Guardrails - Quantify vulnerabilities proactively blocked by your guardrails before they reached production—showing the impact of preventive security controls.
Security Workbench
The Security Workbench helps teams focus remediation efforts where they matter most. It organizes vulnerabilities by fixability and impact, making it easy to identify high-value actions that drive meaningful security and SLO improvements.
Included in this release:
Auto-Fixable - View all remediations that Heeler’s agentic remediation can automatically resolve through validated, non-breaking pull requests.
Auto-Fix Impact - Assess the potential impact of auto-fixable remediations—see how many vulnerabilities can be eliminated and how much SLO time can be reclaimed through automated fixes.
Most Impactful Remediations - Identify package upgrades that deliver the greatest organization-wide security impact based on Heeler’s fixability analysis:
Easy and Medium recommendations: quickly create remediation tickets for upgrades that can be safely automated or completed with minimal effort.
Hard recommendations: prioritize upgrades requiring first-party code changes—ensuring development effort is focused on high-impact fixes that significantly reduce risk.
Newly Identified Remediations - View recently discovered remediations that have not yet been triaged or ticketed.
Newly Ticketed Remediations - Track new remediation tickets that are pending assignment or not yet in progress.
New Remediations by Fixability - Break down newly identified remediations by their fixability category, helping teams prioritize quick wins and longer-term efforts.
Due Remediations - Monitor upcoming remediations due in the next four weeks, categorized by their SLO timeframe, to stay ahead of deadlines.
Introduced Findings on New Packages - Identify vulnerabilities that existed in dependencies at the time they were added, helping assess risks introduced through development or CI guardrail gaps.
Surfaced Findings on New Packages - Detect vulnerabilities that emerged after dependencies were introduced, highlighting external risks beyond direct developer control.

Global Dependency Remediations
The Global Dependency Remediations Listing provides remediations and their impact across all code and runtime vulnerabilities. Additionally, the available filters let you quickly narrow the listing by organization, security, or lifecycle context.

Global Dependency Findings
You can view findings globally across your organization, highlighting the impact across your code and services. You can filter the results by critical attributes such as fixability, allowing you to focus on specific areas of the organization. You can also quickly pivot across:
Active Findings - Vulnerabilities present in the environment that are not fixed in code.
Fixed Findings - Vulnerabilities that are present in the environment but have been fixed in code.
Deployed Findings - Vulnerabilities that have been resolved in all active deployments.

