Cross-Provider Workflow

Sysdig Vulnerability to GitHub Issue to Slack

Version 1.0.0

Pull a Sysdig vulnerability result, open a GitHub issue, then notify Slack.

1 workflow 3 source APIs 3 providers

Providers Orchestrated

sysdig github slack

Workflows

vuln-to-issue-to-slack
List a Sysdig vulnerability, open a GitHub issue, and notify Slack.
Retrieves vulnerability results from Sysdig Secure, opens a GitHub remediation issue for the top finding, and posts a Slack message linking to the new issue.
3 steps. Inputs: owner, repo, slackChannel. Outputs: issueNumber, issueUrl, messageTs, vulnName.

1. list-vulns ($sourceDescriptions.sysdigSecure.listVulnerabilityResults): List vulnerability scan results from Sysdig Secure.
2. open-issue ($sourceDescriptions.githubIssues.createAnIssue): Open a GitHub remediation issue for the vulnerability.
3. notify-slack ($sourceDescriptions.slackChat.postChatPostmessage): Notify the security Slack channel with the issue link.

Source API Descriptions

Arazzo Workflow Specification

dev-sysdig-vuln-to-github-issue-slack.yml
arazzo: 1.0.1
info:
  title: Sysdig Vulnerability to GitHub Issue to Slack
  summary: Pull a Sysdig vulnerability result, open a GitHub issue, then notify Slack.
  description: >-
    A DevSecOps workflow that lists vulnerability scan results from Sysdig
    Secure, opens a GitHub remediation issue for the finding, and notifies a
    Slack channel so the security team can prioritize a fix. Demonstrates
    chaining a container-security provider, a source-control provider, and a
    chat provider in a single Arazzo workflow.
  version: 1.0.0
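sourceDescriptions:
  # Each URL below tracks refs/heads/main, so the referenced OpenAPI documents
  # can change between runs; pin to a commit SHA for reproducible behaviour.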
  - name: sysdigSecure
    url: https://raw.githubusercontent.com/api-evangelist/sysdig/refs/heads/main/openapi/sysdig-secure-openapi.yml
    type: openapi
  - name: githubIssues
    url: https://raw.githubusercontent.com/api-evangelist/github/refs/heads/main/openapi/github-repo-issues-api-openapi.yml
    type: openapi
  - name: slackChat
    url: https://raw.githubusercontent.com/api-evangelist/slack/refs/heads/main/openapi/slack-chat-openapi.yml
    type: openapi
workflows:
  - workflowId: vuln-to-issue-to-slack
    summary: List a Sysdig vulnerability, open a GitHub issue, and notify Slack.
    description: >-
      Retrieves vulnerability results from Sysdig Secure, opens a GitHub
      remediation issue for the top finding, and posts a Slack message linking
      to the new issue.
    inputs:
      type: object
      properties:
        owner:
          type: string
        repo:
          type: string
        slackChannel:
          type: string
    steps:
      - stepId: list-vulns
        description: List vulnerability scan results from Sysdig Secure.
        operationId: $sourceDescriptions.sysdigSecure.listVulnerabilityResults
        successCriteria:
          - condition: $statusCode == 200
        outputs:
          vulnName: $response.body#/data/0/vulnName
          vulnSeverity: $response.body#/data/0/severity
      - stepId: open-issue
        description: Open a GitHub remediation issue for the vulnerability.
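        operationId: $sourceDescriptions.githubIssues.createAnIssue
        # Target repository for the issue. The names owner and repo are assumed
        # to match the path parameters of createAnIssue in the GitHub description.
        parameters:
          - name: owner
            in: path
            value: $inputs.owner
          - name: repo
            in: path
            value: $inputs.repo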
        requestBody:
          contentType: application/json
          payload:
            title: $steps.list-vulns.outputs.vulnName
            body: $steps.list-vulns.outputs.vulnSeverity
            labels:
              - security
              - sysdig
        successCriteria:
          - condition: $statusCode == 201
        outputs:
          issueNumber: $response.body#/number
          issueUrl: $response.body#/html_url
      - stepId: notify-slack
        description: Notify the security Slack channel with the issue link.
        operationId: $sourceDescriptions.slackChat.postChatPostmessage
        requestBody:
          contentType: application/json
          payload:
            channel: $inputs.slackChannel
            text: $steps.open-issue.outputs.issueUrl
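        successCriteria:
          - condition: $statusCode == 200
          # Slack returns HTTP 200 with "ok": false on API errors, so check the body as well.
          - condition: $response.body#/ok == true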
        outputs:
          messageTs: $response.body#/ts
    outputs:
      vulnName: $steps.list-vulns.outputs.vulnName
      issueNumber: $steps.open-issue.outputs.issueNumber
      issueUrl: $steps.open-issue.outputs.issueUrl
      messageTs: $steps.notify-slack.outputs.messageTs