Actions
Automate recurring procedures and routine tasks to maintain compliance and oversight, enabling you to trigger tickets and notifications that keep your controls and policies actively enforced. Manage all connected integrations from the Integrations page.
Overview
Actions can be executed periodically using the Schedules feature in Collections → Schedules. Each Action can be linked to a defined schedule that determines when it triggers.
Overview
Actions automate repetitive compliance activities by allowing you to create tickets or send notifications through external integrations such as GitHub, GitLab, JIRA, or Slack. They help ensure that important tasks — such as periodic reviews, control verifications, or vulnerability checks — are automatically scheduled and tracked.
Actions can be executed periodically using the Schedules feature in Collections → Schedules. Each Action can be linked to a defined schedule that determines when it triggers.
Core Functionality
Actions bridge the gap between compliance requirements and operational execution. They allow you to automate recurring tasks tied to your frameworks, policies, and controls — ensuring that your organization consistently performs key compliance activities.
Once configured, Actions can trigger:
- Tickets on connected project management tools (e.g., JIRA, GitHub, GitLab)
- Notifications to communication channels (e.g., Slack)
- Periodic reminders to perform assessments, reviews, or control verifications
Each Action can be linked to a schedule, defining its recurrence (e.g., weekly, monthly, quarterly). When executed, it automatically generates tickets or notifications using predefined templates, helping teams remain proactive.
Evidence Collection and Audit Integration
Every Action creates verifiable evidence of recurring compliance activity. For example, a recurring JIRA ticket to review open vulnerabilities will, once closed, reflect compliance evidence in devguard.
This evidence can later be reviewed or exported for audit readiness, demonstrating that required periodic checks are being performed.
Import and Export
Assets can be imported/exported in CSV format:
name,integration,content
Access Review,GITHUB,Perform a security vulnerability review across repositories and attach the report.
Vulnerability Review,GITHUB,Perform a security vulnerability review across repositories and attach the report.Fields Explained
| Field | Description | Example |
|---|---|---|
| Name | The name of the Action (required) | Monthly Vulnerability Review |
| Schedule | Links to a defined schedule from Collections → Schedules. Determines recurrence. | Every 30 days |
| Integration | The external platform where the action will execute (required) | GitHub |
| Template Content | The message or ticket body written in Markdown. Can include instructions or control references (required) | Perform a security vulnerability review across repositories and attach the report. |
| Status | Indicates whether the Action is active or inactive. Inactive actions are paused until re-enabled. | Active |
Integrations
Integrations define where and how your Actions execute. All integrations can be managed from the Integrations page under Settings, where authentication and configuration options are available.
Best Practices
- Start small: Begin by automating simple recurring compliance tasks, such as reviewing policy adherence or performing asset checks, before scaling to broader automation.
- Leverage schedules: Use the Schedules feature to standardize frequency — e.g., monthly for risk reviews or quarterly for control validation.
- Template for consistency: Use Markdown templates to ensure every ticket or notification contains consistent context and compliance references.
- Monitor completion: Regularly verify that generated tickets or notifications are being resolved. Closed tickets serve as audit-ready evidence of recurring compliance actions.
- Integrate across systems: Combine Actions with your existing tools (e.g., JIRA + Slack) to keep all stakeholders informed without manual coordination.
- Review and iterate: Regularly review your Actions and schedules to adjust frequencies, templates, or integrations as your compliance landscape evolves.
Audit Readiness
By linking automated Actions with your operational tools, you ensure that every recurring review, check, and remediation activity is both scheduled and traceable — providing strong evidence during audits or regulatory reviews.
Compliance Value
Actions transform compliance from a static checklist into an active, ongoing process. By automating routine procedures and tracking outcomes, your organization gains:
- Continuous assurance that required reviews are happening on time
- Verified audit evidence that shows recurring checks and task completion
- Reduced manual effort and improved accountability across teams
When combined with Frameworks, Policies, and Controls, Actions complete the compliance loop — ensuring every standard is not only defined but operationally enforced.
How is this guide?
Vendors
Vendors track the third-party suppliers and service providers your organization depends on, so you can score their risk, capture evidence, run questionnaires, and keep assessments on a recurring schedule.
Coverage
Monitor framework control coverage across your organization by tracking implementation status, linked assets, risks, and policies for comprehensive compliance oversight.