Skip to main content
Neo automates the time-consuming process of finding the right owner for vulnerability findings. Instead of manually searching through git logs, tickets, and team structures, Neo traces code ownership through repositories, analyzes contribution history, correlates with tickets and PRs, and assigns vulnerabilities to the developers or teams best positioned to remediate them with full evidence trails.

What it does

  1. Ingest finding: retrieves vulnerability details (file path, line numbers, endpoint, function name, CVE/CWE)
  2. Code archaeology: traces git history to identify authors, recent contributors, and original implementers
  3. Context correlation: searches related PRs, tickets, design docs, and code review history
  4. Ownership resolution: determines primary owner based on contribution patterns, team structure, and code ownership files (CODEOWNERS, package maintainers)
  5. Evidence linking: compiles attribution report with git commits, PR links, ticket references, and confidence scores
  6. Automated assignment: creates or updates tickets with proper assignee, context, and full audit trail

Prerequisites

  • Source control integration (GitHub, GitLab, or Bitbucket) configured via Environment Variables
  • Repository access for git history analysis
  • Optional: Jira or Linear integration for ticket correlation and automated assignment
  • Optional: CODEOWNERS files, team rosters, or organizational charts in Files to improve accuracy
  • Optional: Slack or communication tool integration for notifications

Usage

Prompt example: “For vulnerability finding SEC-789 (SQL injection in /api/invoices endpoint), identify the developer who owns this code. Search git history, find related PRs and tickets, determine the primary owner, and assign the Jira ticket with evidence of ownership.” What Neo does:
  • Parses the vulnerability finding to extract affected file paths, functions, and endpoints
  • Clones the repository and analyzes git blame for the vulnerable code sections
  • Identifies recent contributors (last 6 months) and original authors
  • Searches for related PRs that modified the affected code
  • Correlates with historical tickets mentioning the endpoint or feature
  • Checks CODEOWNERS file and package.json maintainer fields
  • Calculates ownership confidence based on: commit recency, lines changed, PR reviews, ticket assignments
  • Updates Jira ticket with assignee, adds comment with evidence (commits, PRs, authorship %), and links artifacts
  • Notifies owner via Slack with context and remediation guidance

Examples

Basic Ownership Attribution

  • Single file vulnerability: “CVE-2024-5678 affects src/auth/session.py lines 45-67. Find who wrote and maintains this authentication logic. Assign the ticket to them with git commit evidence.”
  • API endpoint tracking: “SSRF vulnerability in /api/fetch-url endpoint. Trace the endpoint handler through the codebase, identify the team that owns the API layer, and create a Linear issue assigned to the team lead.”
  • Dependency vulnerability: “Vulnerable lodash version in package.json. Find who added this dependency, check if there are related security upgrade tickets, and assign to the developer or platform team responsible for dependency management.”

Multi-Source Correlation

  • Cross-repository search: “XSS in the user profile page. The frontend is in repo-ui and backend API is in repo-services. Find owners for both layers, determine if it’s a frontend or backend fix, and assign tickets to the appropriate teams with evidence.”
  • Feature ownership: “Authentication bypass in OAuth flow. Search design docs, ADRs, and git history to identify the team that designed and implemented OAuth. Assign to the tech lead with links to original design tickets.”
  • Legacy code attribution: “Buffer overflow in C++ module last modified 3 years ago. Original author has left the company. Find current maintainer by analyzing recent commits, code reviews, and CODEOWNERS. Escalate if no clear owner exists.”

Automated Ticketing Workflows

  • CVE response: “CVE-2024-9999 published for our logging library. Find all usages across 12 microservices, identify owner for each service, create tickets with upgrade tasks, and track remediation progress by team.”
  • Pentest finding assignment: “From the latest pentest report, extract 15 findings with affected endpoints. Map each to owning team, create tickets with pentest evidence attached, assign based on CODEOWNERS, and set SLAs by severity.”

Ownership Dispute Resolution

  • Shared code conflicts: “Race condition in shared cache layer used by 4 teams. Analyze which team contributes most to the module, check architecture docs for designated owners, and propose primary owner with fallback escalation path.”
  • Microservice boundaries: “API rate limiting bypass affects gateway service. Determine if this is a gateway team issue or upstream service issue by analyzing request flow, recent changes, and team responsibilities.”
  • Third-party integration issues: “SSRF in Stripe webhook handler. Find who integrated Stripe, check if integration is owned by payments team or platform team, correlate with Stripe-related tickets, and assign to team with most context.”