Cross-Provider Workflow

GitHub Code Scanning Alert to Microsoft Teams

Version 1.0.0

Pull a GitHub code-scanning alert and announce it in a Teams channel.

1 workflow 2 source APIs 2 providers
View Spec View on GitHub ArazzoWorkflowsCross-Provider

Providers Orchestrated

github microsoft-teams

Workflows

codescan-alert-to-teams
List a GitHub code-scanning alert and post it to Microsoft Teams.
Retrieves code-scanning alerts for a repository and sends a Microsoft Teams channel message describing the top alert.
2 steps inputs: channelId, owner, repo, teamId outputs: alertNumber, alertUrl, messageId
1
list-alerts
$sourceDescriptions.githubCodeScanning.listCodeScanningAlertsForRepository
List code-scanning alerts for the GitHub repository.
2
post-to-teams
$sourceDescriptions.microsoftTeams.sendChannelMessage
Post the code-scanning alert into a Microsoft Teams channel.

Source API Descriptions

openapi
githubCodeScanning https://raw.githubusercontent.com/api-evangelist/github/refs/heads/main/openapi/github-repo-code-scanning-api-openapi.yml
openapi
microsoftTeams https://raw.githubusercontent.com/api-evangelist/microsoft-teams/refs/heads/main/openapi/microsoft-teams-graph-api.yaml

Arazzo Workflow Specification

dev-github-codescan-alert-to-teams.yml Raw ↑ 
arazzo: 1.0.1
info:
  title: GitHub Code Scanning Alert to Microsoft Teams
  summary: Pull a GitHub code-scanning alert and announce it in a Teams channel.
  description: >-
    A DevSecOps notification workflow that lists code-scanning alerts for a
    GitHub repository and posts the top finding into a Microsoft Teams channel
    so the engineering team is alerted to a new security issue. Demonstrates
    chaining a source-control provider and a collaboration provider in a single
    Arazzo workflow.
  version: 1.0.0
sourceDescriptions:
  - name: githubCodeScanning
    url: https://raw.githubusercontent.com/api-evangelist/github/refs/heads/main/openapi/github-repo-code-scanning-api-openapi.yml
    type: openapi
  - name: microsoftTeams
    url: https://raw.githubusercontent.com/api-evangelist/microsoft-teams/refs/heads/main/openapi/microsoft-teams-graph-api.yaml
    type: openapi
workflows:
  - workflowId: codescan-alert-to-teams
    summary: List a GitHub code-scanning alert and post it to Microsoft Teams.
    description: >-
      Retrieves code-scanning alerts for a repository and sends a Microsoft
      Teams channel message describing the top alert.
    inputs:
      type: object
      properties:
        owner:
          type: string
        repo:
          type: string
        teamId:
          type: string
        channelId:
          type: string
    steps:
      - stepId: list-alerts
        description: List code-scanning alerts for the GitHub repository.
        operationId: $sourceDescriptions.githubCodeScanning.listCodeScanningAlertsForRepository
        successCriteria:
          - condition: $statusCode == 200
        outputs:
          alertNumber: $response.body#/0/number
          alertUrl: $response.body#/0/html_url
          alertRule: $response.body#/0/rule/description
      - stepId: post-to-teams
        description: Post the code-scanning alert into a Microsoft Teams channel.
        operationId: $sourceDescriptions.microsoftTeams.sendChannelMessage
        requestBody:
          contentType: application/json
          payload:
            body:
              contentType: html
              content: $steps.list-alerts.outputs.alertUrl
        successCriteria:
          - condition: $statusCode == 201
        outputs:
          messageId: $response.body#/id
    outputs:
      alertNumber: $steps.list-alerts.outputs.alertNumber
      alertUrl: $steps.list-alerts.outputs.alertUrl
      messageId: $steps.post-to-teams.outputs.messageId