Glasswall / Patch-Gap Operations

Public fixes should create action before attackers create pressure.

Glasswall is a GitHub-native patch-gap operations tool. It ranks public-fix exposure, plans the smallest safe upgrades, and can open remediation pull requests before backlog culture turns a known problem into an exploited one.

What it solves

The gap after a fix lands and before most teams patch.

Most tooling is built for inventory, compliance, or broad CVE visibility. Glasswall is built for the narrower and uglier problem that matters when exploit development gets faster: a public fix landed, and you need to know what is newly dangerous right now, then actually ship the smallest safe fix.

  • Signal: Patch-gap urgency
  • Action: Remediation PRs
  • Scoreboard: Patch-gap MTTP
  • Feed: Newly Dangerous

Workflow

One queue across CLI, API, Actions, and GitHub App mode.

1. Scan

Parse resolved manifests, enrich OSV and CISA KEV data, and rank urgency with explicit rationale.

2. Plan

Choose the lowest version that clears the visible advisory set and keep unsupported paths explicit.

3. Remediate

Apply safe supported upgrades for Python and exact-pinned npm repos locally or in CI, then surface the change as a GitHub-native workflow.

4. Pressure

Use PR comments, remediation branches, MTTP analytics, and a newly dangerous feed so public-fix risk becomes hard to ignore.
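The Plan step above, "choose the lowest version that clears the visible advisory set", as an added example that is not Glasswall's own code: it walks OSV-style introduced/fixed ranges and scores urgency with CISA KEV membership. The package, advisory ids, CVE ids and KEV entries are constructed placeholders.

```python
def parse_version(v):
    """'2.4.1' -> (2, 4, 1). Simplified: numeric dotted versions only."""
    return tuple(int(p) for p in v.split("."))

def is_affected(version, advisory):
    """OSV range semantics: affected if some 'introduced' <= version and no
    'fixed' event lies between that 'introduced' and the version."""
    v = parse_version(version)
    for events in advisory["affected_ranges"]:
        introduced = fixed = None
        for event in sorted(events, key=lambda e: parse_version(next(iter(e.values())))):
            if "introduced" in event and parse_version(event["introduced"]) <= v:
                introduced, fixed = event["introduced"], None
            elif "fixed" in event and parse_version(event["fixed"]) <= v:
                fixed = event["fixed"]
        if introduced is not None and fixed is None:
            return True
    return False

def plan_lowest_safe(current, candidates, advisories):
    """Lowest candidate above `current` that no visible advisory affects.
    None means no supported upgrade path, which the caller must keep explicit."""
    cur = parse_version(current)
    for cand in sorted(candidates, key=parse_version):
        if parse_version(cand) > cur and not any(is_affected(cand, a) for a in advisories):
            return cand
    return None

def urgency(advisory, kev_cves):
    """Rank patch-gap urgency with an explicit rationale; KEV listing outranks severity."""
    score = {"CRITICAL": 3, "HIGH": 2, "MODERATE": 1}.get(advisory["severity"], 0)
    rationale = ["severity=" + advisory["severity"]]
    if advisory["cve"] in kev_cves:
        score, rationale = score + 10, rationale + ["listed in CISA KEV"]
    return score, "; ".join(rationale)

# Constructed sample data: hypothetical package, placeholder advisory and CVE ids.
ADVISORIES = [
    {"id": "EXAMPLE-0001", "cve": "CVE-0000-0001", "severity": "HIGH",
     "affected_ranges": [[{"introduced": "0"}, {"fixed": "2.4.1"}]]},
    {"id": "EXAMPLE-0002", "cve": "CVE-0000-0002", "severity": "MODERATE",
     "affected_ranges": [[{"introduced": "2.4.0"}, {"fixed": "2.6.0"}]]},
]
KEV_CVES = {"CVE-0000-0001"}  # constructed stand-in for the CISA KEV catalog
CANDIDATES = ["2.3.9", "2.4.1", "2.5.2", "2.6.0", "3.0.0"]

if __name__ == "__main__":
    # 2.4.1 fixes the first advisory but sits inside the second's range, so 2.6.0
    print(plan_lowest_safe("2.3.0", CANDIDATES, ADVISORIES))
```

The point the sample data makes: the fix version of the most urgent advisory is not automatically the safe target, because it can land inside another advisory's affected range.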

Why GitHub-native matters

  • PR comments keep patch-gap visibility where code review already happens.
  • GitHub Actions can fail on urgency thresholds and emit SARIF plus remediation summaries.
  • Webhook-driven remediation PRs turn a ranked finding into a branch and pull request.

Category thesis

Vulnerability scanners count problems. Patch-gap operations compress time between public fix and real patching.

The metric to own is resolved patch-gap MTTP. Everything in Glasswall now points toward that.