devguard

Actions

Automate recurring procedures and routine tasks to maintain compliance and oversight, enabling you to trigger tickets and notifications that keep your controls and policies actively enforced. Manage all connected integrations from the Integrations page.

Overview

Actions can be executed periodically using the Schedules feature in Collections → Schedules. Each Action can be linked to a defined schedule that determines when it triggers.

Overview

Actions automate repetitive compliance activities by allowing you to create tickets or send notifications through external integrations such as GitHub, GitLab, JIRA, or Slack. They help ensure that important tasks — such as periodic reviews, control verifications, or vulnerability checks — are automatically scheduled and tracked.

Actions can be executed periodically using the Schedules feature in Collections → Schedules. Each Action can be linked to a defined schedule that determines when it triggers.

Core Functionality

Actions bridge the gap between compliance requirements and operational execution. They allow you to automate recurring tasks tied to your frameworks, policies, and controls — ensuring that your organization consistently performs key compliance activities.

Once configured, Actions can trigger:

  • Tickets on connected project management tools (e.g., JIRA, GitHub, GitLab)
  • Notifications to communication channels (e.g., Slack)
  • Periodic reminders to perform assessments, reviews, or control verifications

Each Action can be linked to a schedule, defining its recurrence (e.g., weekly, monthly, quarterly). When executed, it automatically generates tickets or notifications using predefined templates, helping teams remain proactive.

Evidence Collection and Audit Integration

Every Action creates verifiable evidence of recurring compliance activity. For example, a recurring JIRA ticket to review open vulnerabilities will, once closed, reflect compliance evidence in devguard.

This evidence can later be reviewed or exported for audit readiness, demonstrating that required periodic checks are being performed.

Import and Export

Assets can be imported/exported in CSV format:

actions.csv
name,integration,content
Access Review,GITHUB,Perform a security vulnerability review across repositories and attach the report.
Vulnerability Review,GITHUB,Perform a security vulnerability review across repositories and attach the report.

Fields Explained

FieldDescriptionExample
NameThe name of the Action (required)Monthly Vulnerability Review
ScheduleLinks to a defined schedule from Collections → Schedules. Determines recurrence.Every 30 days
IntegrationThe external platform where the action will execute (required)GitHub
Template ContentThe message or ticket body written in Markdown. Can include instructions or control references (required)Perform a security vulnerability review across repositories and attach the report.
StatusIndicates whether the Action is active or inactive. Inactive actions are paused until re-enabled.Active

Integrations

Integrations define where and how your Actions execute. All integrations can be managed from the Integrations page under Settings, where authentication and configuration options are available.

Best Practices

  • Start small: Begin by automating simple recurring compliance tasks, such as reviewing policy adherence or performing asset checks, before scaling to broader automation.
  • Leverage schedules: Use the Schedules feature to standardize frequency — e.g., monthly for risk reviews or quarterly for control validation.
  • Template for consistency: Use Markdown templates to ensure every ticket or notification contains consistent context and compliance references.
  • Monitor completion: Regularly verify that generated tickets or notifications are being resolved. Closed tickets serve as audit-ready evidence of recurring compliance actions.
  • Integrate across systems: Combine Actions with your existing tools (e.g., JIRA + Slack) to keep all stakeholders informed without manual coordination.
  • Review and iterate: Regularly review your Actions and schedules to adjust frequencies, templates, or integrations as your compliance landscape evolves.

Audit Readiness

By linking automated Actions with your operational tools, you ensure that every recurring review, check, and remediation activity is both scheduled and traceable — providing strong evidence during audits or regulatory reviews.

Compliance Value

Actions transform compliance from a static checklist into an active, ongoing process. By automating routine procedures and tracking outcomes, your organization gains:

  • Continuous assurance that required reviews are happening on time
  • Verified audit evidence that shows recurring checks and task completion
  • Reduced manual effort and improved accountability across teams

When combined with Frameworks, Policies, and Controls, Actions complete the compliance loop — ensuring every standard is not only defined but operationally enforced.

How is this guide?

On this page