Vulnerability remediation

Close the distance between evidence and a reviewed fix.

Generate focused diffs, stage audited auto-fix proposals, open pull requests through ZeroQuarryBot, or hand findings into the team’s ticketing system. Retest the result in the same lineage.

Generated patch revisionsApproval-gated GitHub PRsFocused retesting

A patch is a proposal. The workflow makes that explicit.

Security automation should reduce translation work without silently approving production changes. ZeroQuarry separates generation, repository permission, operator approval, CI, and merge.

01

Generated patch revisions

Create a unified diff, review it, give feedback, and generate a new revision without granting repository write access.

02

ZeroQuarryBot pull requests

Install a GitHub App on selected repositories and open audited PRs from approved proposals.

03

Layered safety controls

Use account and repository kill switches, explicit enrollment, base-branch settings, file deny-lists, size limits, and push caps.

04

Optional auto-push

After a successful manual workflow, selected repositories can send qualifying proposals straight to PR review without auto-merging.

05

Ticket handoff

Create Jira or ServiceNow work, or open a prefilled GitHub Issue when code changes are not the right first step.

06

Retest and regression history

Re-run focused assessments, record mitigation and retest decisions, and surface a later recurrence as regression.

A concrete path through the work.

ZeroQuarry automates investigation and coordination. Your team keeps control of authorization, risk ownership, and production changes.

STEP 01

Validate

Confirm the vulnerability applies to the product before generating or filing remediation work.

STEP 02

Propose

Generate a patch, auto-fix proposal, or ticket with source, impact, proof, and expected outcome.

STEP 03

Review

Use normal engineering ownership, CI, branch protection, and code-review controls.

STEP 04

Retest

Verify the risk after merge and record retested or regression state in the original history.

What the team gets back.

Useful coverage should lead to faster decisions, cleaner remediation, and evidence that holds up when someone asks for it later.

Engineer-ready work

Reduce the manual translation from vulnerability narrative to code path, reproduction, and candidate change.

Controlled automation

Get the speed of generated fixes while preserving explicit repository gates and human merge authority.

Verified closure

Differentiate “a fix was merged” from “the security risk was actually retested.”

Questions that come up in evaluation.

These are the product boundaries, controls, and operating details teams usually want to understand first.

Does ZeroQuarry auto-merge security fixes?

No. ZeroQuarryBot opens pull requests; your repository’s reviewers, CI, branch protection, and merge policy remain in control.

Do we have to install the GitHub App to get a patch?

No. Patch generation can produce a downloadable or revisable diff without repository write access. The GitHub App is only needed for the pull-request workflow.

How do we stop the bot quickly?

An account-wide kill switch stops all pushes, and each repository has its own kill switch. Repository enrollment and GitHub App access add separate permission gates.

Start with one real security boundary.

Use the free trial on your own product, then decide whether the resulting security work is useful enough to keep.