What it does
GitHub Security Vuln Triage pulls Dependabot security alerts across one or more GitHub repositories, deterministically re-prioritizes them by combining CVSS severity with exploitability signals (public exploit availability, reachability from application code, and fix availability), and produces a ranked triage queue. Critical and high-priority vulnerabilities can be filed as Jira tickets with pre-filled remediation guidance, and a daily summary is posted to a Slack security channel. The agent never applies a fix or auto-merges a Dependabot PR; all remediation actions require human review and approval. Built for AppSec and platform security teams who need a fast, explainable way to cut through vulnerability alert noise instead of triaging every CVE by hand.
Example prompts
- Run the full vulnerability triage across our repos and post today's Slack summary
- Show me the top 10 highest-priority vulnerabilities right now
- File Jira tickets for all critical vulnerabilities in this repo
- Re-prioritize these Dependabot alerts by exploitability
Tools (8)
Tools the agent exposes — your AI client calls them automatically when it needs them.
- run_full — Run the full triage pipeline: fetch Dependabot alerts, re-prioritize deterministically, file Jira tickets for criticals, post Slack summary.
- fetch_alerts — Fetch raw Dependabot security alerts for one or more repositories. Mock fixtures used without a live GitHub token.
- prioritize_vulnerabilities — Deterministic re-prioritization of a list of alerts by CVSS + exploitability signals. No LLM.
- create_jira_tickets — File Jira tickets for critical/high-priority vulnerabilities with pre-filled remediation guidance. Never auto-merges or applies fixes.
- post_slack_summary — Post the daily vulnerability triage summary to a Slack security channel.
- discover_intent — Understand your goal and co-design the exact input via clarifying questions before running.
- plan_inputs — Plan/brainstorm the inputs for a tool: returns questions, schema and a ready-to-edit example.
- list_capabilities — List the agent's tools, credential slots and guardrails.
What you'll need to connect
This agent will ask you for the following. You enter them when you connect — they're encrypted and never shared with the creator.
- GitHub Token · optionalGitHub personal access token or GitHub App token with security_events:read and repo:read scopes. Required for live Dependabot alert fetching; mock fixtures used without it.Create a personal access token in GitHub (Settings → Developer settings → Personal access tokens) scoped to what the agent needs.Paste the value as a single line.Only sent to: api.github.com
- Jira API Token · optionalJira API token (with your Atlassian account email) used to create triage tickets for critical/high vulnerabilities.Get this from *.atlassian.net's account or API settings.Paste the value as a single line.Only sent to: *.atlassian.net
- Slack Bot Token · optionalSlack bot OAuth token (xoxb-...) with chat:write scope for posting the daily vulnerability triage summary.Create a Slack app (api.slack.com/apps), add the scopes the agent needs, install it to your workspace, and copy the bot/user token.Paste the value as a single line.Only sent to: slack.com
- Anthropic API Key · optionalOptional. Leave blank on a sampling-capable client to use the host model with no key.Create a key on the Anthropic Console API keys page (console.anthropic.com → API keys).Paste the value as a single line.Only sent to: api.anthropic.com
How you're protected
FindAgent runs these safety checks on every agent automatically. They're always on and can't be turned off.
- Prompt-injection scanning
Every request is checked for known prompt-injection and jailbreak attempts before the agent runs. This is always on.
- Secret-leak scanning
Every response is scanned for leaked API keys, tokens, and other secrets before it reaches you. This is always on.