Cross-Provider Workflow

Palo Alto Prisma Cloud Compute Image Gate to Slack

Version 1.0.0

Authenticate to Prisma Cloud Compute, read image and CI scan results, and notify Slack.

1 workflow 2 source APIs 2 providers
View Spec View on GitHub ArazzoWorkflowsCross-Provider

Providers Orchestrated

palo-alto-networks slack

Workflows

compute-image-gate
Authenticate, read Prisma image and CI scans, and post a Slack gate.
Authenticates to Prisma Cloud Compute, reads scanned image results and CI scan results, and posts the image gate decision to a Slack channel.
4 steps inputs: password, slackChannel, username outputs: imageCount, messageTs
1
authenticate
$sourceDescriptions.prismaComputeApi.authenticate
Authenticate to Prisma Cloud Compute and obtain a session token.
2
get-images
$sourceDescriptions.prismaComputeApi.getImages
Read scanned image results from Prisma Cloud Compute.
3
get-ci-scans
$sourceDescriptions.prismaComputeApi.getCIScans
Read CI scan results to evaluate the build's image security.
4
post-gate
$sourceDescriptions.slackChatApi.postChatPostmessage
Post the image gate decision to a Slack channel.

Source API Descriptions

openapi
prismaComputeApi https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/openapi/palo-alto-prisma-cloud-compute-api-openapi-original.yml
openapi
slackChatApi https://raw.githubusercontent.com/api-evangelist/slack/refs/heads/main/openapi/slack-chat-openapi.yml

Arazzo Workflow Specification

sec-palo-prisma-compute-image-gate-slack.yml Raw ↑ 
arazzo: 1.0.1
info:
  title: Palo Alto Prisma Cloud Compute Image Gate to Slack
  summary: Authenticate to Prisma Cloud Compute, read image and CI scan results, and notify Slack.
  description: >-
    A CI image security gate that authenticates to Palo Alto Networks Prisma Cloud Compute,
    reads scanned image results and CI scan outcomes, and posts the gate decision to a Slack
    channel so a build can be promoted or blocked. Demonstrates orchestrating a cloud workload
    protection platform with a chat platform in a single Arazzo workflow.
  version: 1.0.0
sourceDescriptions:
  - name: prismaComputeApi
    url: https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/openapi/palo-alto-prisma-cloud-compute-api-openapi-original.yml
    type: openapi
  - name: slackChatApi
    url: https://raw.githubusercontent.com/api-evangelist/slack/refs/heads/main/openapi/slack-chat-openapi.yml
    type: openapi
workflows:
  - workflowId: compute-image-gate
    summary: Authenticate, read Prisma image and CI scans, and post a Slack gate.
    description: >-
      Authenticates to Prisma Cloud Compute, reads scanned image results and CI scan results,
      and posts the image gate decision to a Slack channel.
    inputs:
      type: object
      properties:
        username:
          type: string
        password:
          type: string
        slackChannel:
          type: string
    steps:
      - stepId: authenticate
        description: Authenticate to Prisma Cloud Compute and obtain a session token.
        operationId: $sourceDescriptions.prismaComputeApi.authenticate
        requestBody:
          contentType: application/json
          payload:
            username: $inputs.username
            password: $inputs.password
        successCriteria:
          - condition: $statusCode == 200
        outputs:
          token: $response.body#/token
      - stepId: get-images
        description: Read scanned image results from Prisma Cloud Compute.
        operationId: $sourceDescriptions.prismaComputeApi.getImages
        successCriteria:
          - condition: $statusCode == 200
        outputs:
          imageCount: $response.body#/0/id
      - stepId: get-ci-scans
        description: Read CI scan results to evaluate the build's image security.
        operationId: $sourceDescriptions.prismaComputeApi.getCIScans
        successCriteria:
          - condition: $statusCode == 200
        outputs:
          ciScanCount: $response.body#/0/_id
      - stepId: post-gate
        description: Post the image gate decision to a Slack channel.
        operationId: $sourceDescriptions.slackChatApi.postChatPostmessage
        requestBody:
          contentType: application/x-www-form-urlencoded
          payload:
            channel: $inputs.slackChannel
            text: Prisma Cloud Compute image gate evaluated for the current build.
        successCriteria:
          - condition: $statusCode == 200
        outputs:
          messageTs: $response.body#/ts
    outputs:
      imageCount: $steps.get-images.outputs.imageCount
      messageTs: $steps.post-gate.outputs.messageTs