Open a Linear security-review issue for high-risk GitLab MRs
For merge requests touching sensitive paths, create a tracked Linear issue in the security team's project linked back to the MR.
How it runs
The automated pipeline, trigger to output.
- Trigger: GitLab merge request opened (GitLab)
- Action: Fetch MR metadata and changed paths (GitLab)
- Logic: Filter to MRs touching sensitive paths
- Action: Create linked Linear security-review issue (Linear)
- Output: Comment the Linear link on the GitLab MR (GitLab)
What it does
Turns security-sensitive merge requests into trackable work. When an MR touches a path on your sensitive list, it spins up a Linear issue in the security project, links it to the MR, and pre-fills the file list and risk reason. The issue closes the loop: reviews become searchable, assignable, and auditable rather than living only in GitLab notifications.
When to use it
Use it when security review is a real workflow your team reports on, not just a label. Good for organizations that need an audit trail of which sensitive changes were reviewed, by whom, and when.
How it works
1. A GitLab webhook triggers on merge request open.
2. The flow fetches the changed paths and MR metadata.
3. A logic step checks whether any path matches the sensitive-path ruleset; non-matching MRs exit quietly.
4. For matches, it creates a Linear issue in the security project with the MR link, author, file list, and a priority derived from the risk tier.
5. It posts the Linear issue link back as a GitLab MR comment so reviewers can jump straight to the tracked task.
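A sketch of the logic in steps 3 and 4, added here as an example and not taken from the product itself. The ruleset, tier names and sample data are constructed; the `old_path`/`new_path`, `iid`, `web_url` and `author.username` fields follow the GitLab merge request API, and the priority numbers follow Linear's scale (1 = Urgent, 2 = High, 3 = Medium).

```python
from fnmatch import fnmatchcase

# Constructed ruleset: (glob, risk tier, reason). Note fnmatch "*" also matches "/".
RULES = [
    ("auth/*", "critical", "authentication code"),
    ("*.tf", "high", "infrastructure as code"),
    (".gitlab-ci.yml", "high", "CI pipeline definition"),
    ("*/migrations/*", "medium", "database schema change"),
]
TIER_RANK = {"critical": 0, "high": 1, "medium": 2}
TIER_PRIORITY = {"critical": 1, "high": 2, "medium": 3}  # Linear: 1 Urgent, 2 High, 3 Medium

def classify(changes):
    """Return (top tier, sorted hits), or None when no changed path is sensitive.

    Both old_path and new_path are checked, so renaming or deleting a file
    under a sensitive path still triggers review.
    """
    hits = {}
    for change in changes:
        for path in {change["old_path"], change["new_path"]}:
            for glob, tier, reason in RULES:
                better = path not in hits or TIER_RANK[tier] < TIER_RANK[hits[path][0]]
                if fnmatchcase(path, glob) and better:
                    hits[path] = (tier, reason)
    if not hits:
        return None
    top = min((tier for tier, _ in hits.values()), key=TIER_RANK.__getitem__)
    return top, sorted((p, t, r) for p, (t, r) in hits.items())

def build_issue(mr, changes):
    """Build the Linear issue fields for an MR, or None to exit quietly."""
    result = classify(changes)
    if result is None:
        return None
    tier, hits = result
    files = "\n".join(f"- {p} ({t}: {r})" for p, t, r in hits)
    return {
        "title": f"Security review: !{mr['iid']} {mr['title']}",
        "priority": TIER_PRIORITY[tier],
        "description": f"MR: {mr['web_url']}\nAuthor: {mr['author']['username']}\n\nSensitive paths:\n{files}",
    }

# Constructed sample: an auth file renamed out of auth/, plus a docs change.
SAMPLE_MR = {"iid": 42, "title": "Move session helper", "web_url": "https://gitlab.example.com/g/p/-/merge_requests/42", "author": {"username": "dev1"}}
SAMPLE_CHANGES = [{"old_path": "auth/session.py", "new_path": "lib/session.py"}, {"old_path": "README.md", "new_path": "README.md"}]

if __name__ == "__main__":
    print(build_issue(SAMPLE_MR, SAMPLE_CHANGES))
```

Matching only `new_path` would let a rename move a file out of a sensitive directory without opening a review issue, which is why the sample MR still classifies as critical.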
Set it up
What you configure once, before turning it on.
1. Connect GitLab: Repos, MRs, pipelines, registry.
2. Connect Linear: Issues, projects, cycles, triage.
3. Set each agent's model: We leave models unset so you pick the tier — fast + cheap, or top-quality.
4. Tune it to your data: Edit the prompts, filters, and field mappings so it matches how your team works.
5. Test, then turn it on: Run once against a sample, confirm the output, then enable the trigger.
Run it inside a business
This workflow drops into a full company template. Import the org, and this is one of the playbooks its agents run.

