Workflows
Overview
Workflows help security teams operationalize response by automatically routing high-signal security events to the right systems and teams. Built on event-driven triggers and conditional actions, workflows allow organizations to enforce consistent security processes without adding manual overhead to engineering teams.
For security leaders, workflows provide a scalable way to ensure findings, remediations, and risks are handled consistently, tracked externally, and aligned with ownership and accountability models.
Key Benefits
Automate response to high-signal security events
Enforce consistent security handling across teams and repositories
Improve visibility and accountability through ticketing and messaging systems
Reduce manual coordination between security and engineering teams
Integrate Heeler with existing workflows and third-party systems
Common Use Cases
Security teams use workflows to standardize response, reduce time to remediation, and maintain visibility across the organization.
Automatically create tickets for new high-impact findings: Ensure critical vulnerabilities are immediately tracked in Jira or Linear with full context, without manual triage.
Notify engineering teams when a remediation becomes available: Alert the right teams when a fix is ready, helping reduce exposure windows and accelerate remediation adoption.
Escalate secret exposure in real time: Send immediate notifications when secrets are detected to prevent credential misuse and limit blast radius.
Track compromised dependencies across services: Automatically export compromised dependency events to external systems for coordinated incident response and auditability.
Integrate security events into centralized risk or GRC platforms: Use webhooks to feed security signals into broader governance, risk, or incident management systems.
Available Triggers
Workflows are initiated by security events detected by Heeler. Each trigger exposes structured data that can be used to drive conditional logic and downstream actions.
New Finding Detected: Triggered when a new vulnerability finding is detected in a repository.
New Remediation Available: Triggered when Heeler identifies a new dependency remediation for an existing finding.
New Secret Detected: Triggered when a secret is detected in a repository.
New Compromised Dependency: Triggered when a compromised dependency is detected in a service deployment or repository.
Finding Override Expiration: Triggered when a risk override is expiring.
New Finding Fix Available: Triggered when a fix becomes available for an existing vulnerability finding detected in a repository.
New Remediation Available: Triggered when Heeler identifies a new dependency remediation option for an existing vulnerability finding.
New Repository Discovered: Triggered when a new repository is created.
Available Actions
Once triggered, workflows can perform one or more actions to notify teams or integrate with external systems.
Send Message – Slack
Create Ticket – Jira, Linear (coming soon)
Send Webhook – Custom integrations
Send Email – Direct notifications
Product Experience
The following walkthrough explains how to create, configure, and manage workflows in Heeler.
The Workflows page provides a centralized view of all configured workflows across your organization. From here, you can:
View all workflows and their current status (Enabled / Disabled)
See execution counts to understand trigger activity volume
Quickly enable or disable workflows
Edit or review existing configurations
Create new workflows
For security leaders, this page serves as a control center to validate that automation is active and operating as expected.

Creating a New Workflow
To create a workflow, select Create Workflow.
Each workflow follows a simple structure:
Select a Trigger
Define Conditions (Optional but Recommended)
Configure One or More Actions
This structured model keeps workflows clear and auditable, while the automation reduces your cognitive load and disruptions.
Step 1: Select a Trigger
The first step is selecting the event that will initiate the workflow.
Available triggers include:
New Finding Detected
New Remediation Available
New Secret Detected
Compromised Dependency Detected
When a trigger fires, Heeler provides structured event data (for example: severity, repository, service, remediation status, environment). This data can be used to define conditions and populate downstream actions.

Step 2: Define Conditions
After selecting a trigger, you can define conditions to control when the workflow executes.
Conditions allow you to filter based on attributes such as:
Severity
Repository or service
Environment
Organization or team context
Remediation availability
Other event metadata
Conditions ensure workflows only execute when business-relevant thresholds are met.
For example:
Only create tickets for Critical findings
Only notify Slack for production services
Only escalate active secrets in customer-facing repositories
Why this matters: Conditional logic prevents automation fatigue and ensures workflows align with your security policy.

Step 3: Configure Actions
Once conditions are defined, you configure one or more actions (limit 3 actions).
Available actions include:
Send Slack Message – Notify teams in real time
Create Jira Ticket – Automatically track work in engineering systems
Send Webhook – Integrate with external platforms or GRC systems
Send Email – Direct notifications
Each action allows dynamic field mapping using the trigger’s event data. This ensures tickets, messages, and webhooks include complete and contextual information.
The data available is determined by the triggering event. View the available attributes for each event type:
Finding Override Expiration
New Remediation Available
New Secret Detected
New Compromised Dependency
Example: A Jira ticket can automatically include:
Finding ID
Severity
Repository
Service
Available remediation
Direct link back to Heeler
This eliminates manual copy-paste and preserves full context.

Step 4: Enable and Monitor
After activation:
The workflow begins executing automatically when matching events occur
Execution counts indicate how many times the trigger executed, NOT how many times the actions executed. For example, 36 executions means the trigger executed 36 times, but depending on the conditions applied, there could be 0 actions executed.
Workflows can be toggled on or off at any time
The execution count provides quick visibility into activity volume and can help validate:
Adoption of new remediations
Frequency of high-severity findings
Secret detection trends
Compromised dependency events
For security leaders, this provides lightweight operational telemetry without requiring a separate reporting system.
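The trigger, condition and action model from Steps 1 to 4, as an added Python example that is not Heeler code or its API. Event types, field names and the `$field` template syntax are assumptions; the example shows why the execution count (trigger matches) can be higher than the number of actions that ran.

```python
from dataclasses import dataclass, field
from string import Template

MAX_ACTIONS = 3  # the page states a limit of 3 actions per workflow

@dataclass
class Workflow:
    trigger: str        # event type that starts the workflow
    conditions: dict    # attribute -> set of accepted values
    actions: list       # (action name, message template) pairs
    executions: int = 0                           # trigger matches (Step 4)
    rendered: list = field(default_factory=list)  # actions that actually ran

    def __post_init__(self):
        if not 1 <= len(self.actions) <= MAX_ACTIONS:
            raise ValueError(f"a workflow takes 1 to {MAX_ACTIONS} actions")

    def handle(self, event: dict) -> int:
        """Process one event and return how many actions ran for it."""
        if event.get("type") != self.trigger:
            return 0              # a different trigger is never counted
        self.executions += 1      # counted before conditions are evaluated
        for attr, accepted in self.conditions.items():
            if event.get(attr) not in accepted:
                return 0          # a missing attribute fails the condition
        for name, template in self.actions:
            # Field mapping: fill the action template from the event data.
            self.rendered.append((name, Template(template).safe_substitute(event)))
        return len(self.actions)

# Constructed sample events; type and field names are hypothetical.
# F-3 deliberately carries no environment attribute.
EVENTS = [
    {"type": "new_finding", "id": "F-1", "severity": "Critical",
     "environment": "production", "repository": "payments-api"},
    {"type": "new_finding", "id": "F-2", "severity": "Low",
     "environment": "production", "repository": "payments-api"},
    {"type": "new_finding", "id": "F-3", "severity": "Critical", "repository": "docs-site"},
    {"type": "new_secret", "id": "S-1", "repository": "payments-api"},
]

def run_demo() -> Workflow:
    wf = Workflow(
        trigger="new_finding",
        conditions={"severity": {"Critical"}, "environment": {"production"}},
        actions=[("create_ticket", "[$severity] $id in $repository"),
                 ("send_message", "New $severity finding $id ($environment)")])
    for event in EVENTS:
        wf.handle(event)
    return wf
```

Calling `run_demo()` leaves an execution count of 3 with only two rendered actions, both for finding F-1.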

Managing Existing Workflows
From the main Workflows table, you can:
Edit workflows as policies evolve
Temporarily disable workflows during process changes
Review execution history
Standardize workflows across teams
As your organization matures, workflows can be used to formalize security policy enforcement in a measurable and repeatable way.


How Workflows Fit Into Heeler
Workflows extend Heeler beyond visibility and into operational execution.
They connect:
Security Signals (findings, secrets, compromised dependencies) with
Engineering Systems (Jira, Slack, external integrations)
This closes the loop between detection and response, helping organizations move from reactive tracking to proactive automation.
