Compromised Dependency Detected
Data Element for a Compromised Dependency
Overview
The tables below define the data elements available in the Workflow action for a Compromised Dependency Detected trigger.
Finding

| Data Element | Example | Description |
| --- | --- | --- |
| finding.id | 1880737 | Unique identifier for the finding within Heeler |
| finding.code_root_id | 2172405 | Identifier of the code root (module or artifact) where the finding was detected |
| finding.vuln_id | CVE-2025-15284 | Public vulnerability identifier associated with this finding |
| finding.package_name | qs | Name of the vulnerable package or dependency |
| finding.package_version | 6.5.3 | Version of the package that is vulnerable |
| finding.severity | HIGH | Normalized severity level of the finding |
| finding.vuln_ref_id | 17445572 | Internal reference ID linking to the vulnerability record |
| finding.created_at | 2026-01-06T20:08:05.041112 | Timestamp when the finding was first created |
| finding.updated_at | 2026-01-06T20:08:05.041113 | Timestamp when the finding was last updated |
| finding.risk | 2 | The Heeler Risk: 1 = Urgent, 2 = Plan, 3 = Defer |
| finding.risk_original | null | Original risk score before adjustments or recalculation |
| finding.business_impact | 3 | Business impact score assigned to the finding |
| finding.tier | null | Optional tier or classification assigned to the finding |
| finding.environment | Unassigned | Deployment environment associated with the finding |
| finding.environment_impact | null | Environment-specific impact score |
| finding.exploitability | true | Indicates whether the vulnerability is exploitable |
| finding.accessibility | null | Indicates how externally accessible the vulnerable component is |
| finding.mitigated | false | Indicates whether the finding has been mitigated |
| finding.runtime | null | Indicates whether the finding was observed at runtime |
| finding.compromise | null | Indicates evidence of active compromise |
| finding.chaining | null | Indicates whether this finding can be chained with others |
| finding.threat_impact | 1 | Threat impact score used in overall risk calculation |
| finding.exploit | null | Evidence or details of a known exploit |
| finding.introduced_dependency_version_id | 11198269 | Dependency version where the vulnerability was introduced |
| finding.fixed_dependency_version_id | null | Dependency version where the vulnerability was fixed |
| finding.fix_reason | null | Reason the finding was marked as fixed |
| finding.fixed_at | null | Timestamp when the vulnerability was fixed |
| finding.fix_changeset | null | Commit or changeset that fixed the vulnerability |
| finding.fix_committer | null | Committer responsible for the fix |
| finding.earliest_fix_deployed_at | null | Earliest deployment timestamp containing the fix |
| finding.latest_fix_deployed_at | null | Latest deployment timestamp containing the fix |
| finding.remediated_at | null | Timestamp when the finding was fully remediated |
| finding.slo_due_date | 2026-02-27T23:15:42.703000 | SLA/SLO due date for remediation |
| finding.slo_due_date_original | 2026-02-27T23:15:42.703000 | Original SLA/SLO due date before changes |
| finding.autofixable | null | Indicates whether the finding can be automatically fixed |
| finding.autofixed | null | Indicates whether the finding was automatically fixed |
| finding.url | | Direct link to the finding in the Heeler UI |

Dependency Version

| Data Element | Example | Description |
| --- | --- | --- |
| finding.dependency_version.id | 11198269 | Unique identifier for the dependency version |
| finding.dependency_version.name | qs | Dependency name |
| finding.dependency_version.version | 6.5.3 | Dependency version number |
| finding.dependency_version.found_in_code | true | Indicates the dependency was detected in source code |
| finding.dependency_version.found_at_runtime | false | Indicates the dependency was observed at runtime |
| finding.dependency_version.introduced_at | 2025-07-26T21:07:20 | Timestamp when the dependency was introduced |
| finding.dependency_version.introduced_changeset | 56e0bd3597... | Commit that introduced the dependency |
| finding.dependency_version.introduced_committer | | Committer who introduced the dependency |
| finding.dependency_version.first_seen_at | 2025-07-26T21:07:20 | First time the dependency was observed |
| finding.dependency_version.most_recently_seen_at | 2026-01-06T20:08:00.094144 | Most recent observation of the dependency |
| finding.dependency_version.last_seen_at | 2025-07-26T21:07:20 | Last known observation timestamp |
| finding.dependency_version.pin_status | unknown | Indicates whether the dependency version is pinned |

Resource (Repository)

| Data Element | Example | Description |
| --- | --- | --- |
| resource.id | 1026889835 | Internal identifier for the repository |
| resource.org | heelerai | Organization that owns the repository |
| resource.name | woocommerce | Repository name |
| resource.full_name | heelerai/woocommerce | Fully qualified repository name |
| resource.language | PHP | Primary programming language |
| resource.default_branch | main | Default branch of the repository |
| resource.created_at | 2025-07-26T20:47:01 | Repository creation timestamp |
| resource.updated_at | 2025-07-26T21:09:32 | Last update timestamp |
| resource.private | null | Indicates whether the repository is private |
| resource.visibility | internal | Visibility level of the repository in Heeler |

Vulnerability

| Data Element | Example | Description |
| --- | --- | --- |
| vulnerability.id | 17445572 | Unique identifier for the vulnerability record |
| vulnerability.vuln_id | CVE-2025-15284 | Public vulnerability identifier |
| vulnerability.title | qs: Denial of Service via improper input validation | Human-readable vulnerability title |
| vulnerability.description | Improper Input Validation vulnerability in qs... | Detailed description of the vulnerability |
| vulnerability.severity | HIGH | Reported severity of the vulnerability |
| vulnerability.cvss_score | 7.5 | CVSS base score |
| vulnerability.cvss_vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | CVSS vector string |
| vulnerability.epss | 0.00152 | EPSS probability score |
| vulnerability.published_at | 2025-12-29T23:15:42.703000 | Public disclosure date |
| vulnerability.cwe_ids | ["CWE-20"] | Common Weakness Enumeration identifiers |
| vulnerability.vulnerable_versions | ["<6.14.1"] | Versions affected by the vulnerability |
| vulnerability.fixed_versions | ["6.14.1"] | Versions where the vulnerability is fixed |

Code Root

| Data Element | Example | Description |
| --- | --- | --- |
| code_root.id | 2172405 | Unique identifier for the code root |
| code_root.repository_id | h4r>>github>>github_repository>>heelerai>>woocommerce | Repository identifier associated with the code root |
| code_root.file | pnpm-lock.yaml | File where the dependency was detected |
| code_root.package_manager | npm | Package manager used |
| code_root.package_ecosystem | npm | Dependency ecosystem |
| code_root.commit_time | 2025-07-26T21:07:20 | Commit timestamp for the code root |
| code_root.url | | Direct link to the module (code root) in Heeler |

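
The following is an added example, not Heeler code: a downstream triage step that consumes these data elements to build a ticket summary. It assumes the elements arrive as nested JSON keyed by the dotted names (the page does not state the payload shape), and the `triage` and `in_range` helpers are hypothetical names.

```python
from datetime import datetime

# Constructed sample: the page's example values arranged as nested JSON.
# The nesting is an assumption; the page only lists dotted element names.
SAMPLE = {
    "finding": {
        "id": 1880737, "vuln_id": "CVE-2025-15284", "package_name": "qs",
        "package_version": "6.5.3", "severity": "HIGH", "risk": 2,
        "exploitability": True, "mitigated": False, "runtime": None,
        "slo_due_date": "2026-02-27T23:15:42.703000",
    },
    "vulnerability": {"vulnerable_versions": ["<6.14.1"], "fixed_versions": ["6.14.1"]},
    "resource": {"full_name": "heelerai/woocommerce"},
    "code_root": {"file": "pnpm-lock.yaml"},
}

RISK_LABELS = {1: "Urgent", 2: "Plan", 3: "Defer"}  # mapping given for finding.risk

def _ver(text):
    """Parse a plain dotted numeric version such as 6.5.3 into a tuple."""
    return tuple(int(part) for part in text.split("."))

def in_range(version, spec):
    """Evaluate a single '<X.Y.Z' constraint, the only form the page shows.
    Compares numerically: as strings, "6.5.3" would sort after "6.14.1"."""
    if not spec.startswith("<") or spec.startswith("<="):
        raise ValueError(f"unsupported range syntax: {spec!r}")
    return _ver(version) < _ver(spec[1:])

def triage(payload, now):
    f, v = payload["finding"], payload["vulnerability"]
    affected = any(in_range(f["package_version"], s) for s in v["vulnerable_versions"])
    due = f.get("slo_due_date")
    days_left = (datetime.fromisoformat(due) - now).days if due else None
    # Assumption: null means "no signal", so only an explicit true counts.
    signals = [k for k in ("exploitability", "runtime", "compromise", "chaining")
               if f.get(k) is True]
    return {
        "title": f'{f["vuln_id"]} in {f["package_name"]}@{f["package_version"]} '
                 f'({payload["resource"]["full_name"]}, {payload["code_root"]["file"]})',
        "risk": RISK_LABELS.get(f.get("risk"), "Unrated"),
        "still_affected": affected and not f.get("mitigated"),
        "upgrade_to": v["fixed_versions"][0] if v["fixed_versions"] else None,
        "days_to_slo": days_left,
        "signals": signals,
    }
```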
