CVE mitigation and dependency updates

Scans your dependencies for known CVEs (Common Vulnerabilities and Exposures) and outdated packages, applies updates, runs your test suite to verify nothing breaks, and opens a PR with the fixes.

How to use this template

  1. Click "Use this template" or create a new automation in Ona
  2. Set your trigger (manual, scheduled, or event-based)
  3. Copy each step below into the automation builder
  4. Customize the prompts for your specific use case

What this does

  • Detect and remediate CVEs automatically
  • Check reachability of vulnerable functions
  • Validate fixes with test suites
  • Generate security analysis reports

Workflow

Trigger

Manual trigger

Select the repository to scan for CVEs and outdated dependencies.

Prompt

Scan dependencies

Run the package manager's audit and outdated commands. List dependencies with known vulnerabilities or major version gaps.

Prompt

Check reachability

Determine whether the vulnerable library is used and whether its vulnerable functions are called. Show the call chain.

Prompt

Apply fix

Update the dependency to the fixed version, adjust code if APIs changed, and run tests.

Pull Request

Open PR with fix

Create a draft pull request with dependency updates and a security analysis report.
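
For the "Check reachability" step, an added example (not part of the Ona template or its implementation) of what a call-chain check involves for Python code: it resolves import aliases, builds a per-function call map, and walks back from the vulnerable symbol to its outermost callers. The sample source, the function names, and the use of `yaml.load` as the advisory's affected symbol are constructed for illustration.

```python
import ast

# Constructed sample application source (assumption, not from the page).
SAMPLE_SOURCE = '''
import yaml as y
def parse_config(text):
    return y.load(text)
def read_settings(path):
    return parse_config(open(path).read())
def handler(request):
    return read_settings(request.path)
'''

def import_aliases(tree):
    """Map each locally bound import name to its fully qualified name."""
    aliases = {}
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for a in node.names:
                root = a.name.split(".")[0]
                aliases[a.asname or root] = a.name if a.asname else root
        elif isinstance(node, ast.ImportFrom) and node.module:
            for a in node.names:
                aliases[a.asname or a.name] = f"{node.module}.{a.name}"
    return aliases

def qualified(func, aliases):
    """Resolve a call target such as y.load to yaml.load; None if not a plain name."""
    parts = []
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    if not isinstance(func, ast.Name):
        return None
    return ".".join([aliases.get(func.id, func.id)] + parts[::-1])

def call_chains(source, vulnerable):
    """Chains from outermost caller to the vulnerable symbol (static name matching only)."""
    tree = ast.parse(source)
    aliases = import_aliases(tree)
    calls = {fn.name: {qualified(c.func, aliases) for c in ast.walk(fn) if isinstance(c, ast.Call)}
             for fn in ast.walk(tree) if isinstance(fn, (ast.FunctionDef, ast.AsyncFunctionDef))}
    chains = []
    def walk(target, chain):
        callers = [f for f, callees in calls.items() if target in callees and f not in chain]
        if not callers and len(chain) > 1:
            chains.append(chain)  # reached a function nobody else calls
        for f in callers:
            walk(f, [f] + chain)
    walk(vulnerable, [vulnerable])
    return chains
```

An empty result means no function in the scanned source calls the symbol by name; calls made at module level, through dynamic dispatch, or via reflection are not seen by this kind of static check.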
