Cross-Provider Workflow

Sysdig Vulnerability Scan to GitHub Issue and Slack Alert

Version 1.0.0

Scan a container image with Sysdig Secure, file a GitHub issue, and alert Slack.

1 workflow, 3 source APIs, 3 providers

Providers Orchestrated

sysdig github slack

Workflows

scan-image-track-and-alert
Scan a Sysdig image, open a GitHub issue, and alert Slack.
Triggers a Sysdig Secure scan for a container image, retrieves vulnerability findings for that image, creates a GitHub issue to track remediation, and posts a Slack alert.
4 steps
Inputs: imageId, imagePullString, owner, repo, slackChannel
Outputs: issueUrl, messageTs, vulnCount

1. trigger-scan ($sourceDescriptions.sysdigSecureApi.scanImage): Trigger a vulnerability scan for the container image in Sysdig Secure.
2. get-vulnerabilities ($sourceDescriptions.sysdigSecureApi.getImageVulnerabilities): Retrieve vulnerability findings for the scanned image.
3. open-issue ($sourceDescriptions.githubRepoIssuesApi.createAnIssue): Open a GitHub issue to track remediation of the findings.
4. alert-slack ($sourceDescriptions.slackChatApi.postChatPostmessage): Post a Slack alert summarizing the scan and the new tracking issue.

Source API Descriptions

Arazzo Workflow Specification

sec-sysdig-vuln-scan-to-github-issue-slack.yml
arazzo: 1.0.1
info:
  title: Sysdig Vulnerability Scan to GitHub Issue and Slack Alert
  summary: Scan a container image with Sysdig Secure, file a GitHub issue, and alert Slack.
  description: >-
    A security workflow that triggers a Sysdig Secure image vulnerability scan, pulls
    the resulting findings for the image, opens a tracking issue in a GitHub repository,
    and posts a summary alert to a Slack channel so the security team is notified in real
    time. Demonstrates orchestrating a container security scanner, a code host, and a chat
    platform in a single Arazzo workflow.
  version: 1.0.0
sourceDescriptions:
  - name: sysdigSecureApi
    url: https://raw.githubusercontent.com/api-evangelist/sysdig/refs/heads/main/openapi/sysdig-secure-openapi.yml
    type: openapi
  - name: githubRepoIssuesApi
    url: https://raw.githubusercontent.com/api-evangelist/github/refs/heads/main/openapi/github-repo-issues-api-openapi.yml
    type: openapi
  - name: slackChatApi
    url: https://raw.githubusercontent.com/api-evangelist/slack/refs/heads/main/openapi/slack-chat-openapi.yml
    type: openapi
workflows:
  - workflowId: scan-image-track-and-alert
    summary: Scan a Sysdig image, open a GitHub issue, and alert Slack.
    description: >-
      Triggers a Sysdig Secure scan for a container image, retrieves vulnerability findings
      for that image, creates a GitHub issue to track remediation, and posts a Slack alert.
    inputs:
      type: object
      properties:
        imagePullString:
          type: string
        imageId:
          type: string
        owner:
          type: string
        repo:
          type: string
        slackChannel:
          type: string
    steps:
      - stepId: trigger-scan
        description: Trigger a vulnerability scan for the container image in Sysdig Secure.
        operationId: $sourceDescriptions.sysdigSecureApi.scanImage
        requestBody:
          contentType: application/json
          payload:
            pullString: $inputs.imagePullString
        successCriteria:
          - condition: $statusCode == 200
        outputs:
          scanStatus: $response.body#/status
      - stepId: get-vulnerabilities
        description: Retrieve vulnerability findings for the scanned image.
        operationId: $sourceDescriptions.sysdigSecureApi.getImageVulnerabilities
        parameters:
          - name: imageId
            in: path
            value: $inputs.imageId
        successCriteria:
          - condition: $statusCode == 200
        outputs:
          vulnCount: $response.body#/total
          findings: $response.body#/data
      - stepId: open-issue
        description: Open a GitHub issue to track remediation of the findings.
        operationId: $sourceDescriptions.githubRepoIssuesApi.createAnIssue
        parameters:
          - name: owner
            in: path
            value: $inputs.owner
          - name: repo
            in: path
            value: $inputs.repo
        requestBody:
          contentType: application/json
          payload:
            title: Sysdig vulnerability findings for image
            body: A Sysdig Secure scan returned vulnerability findings requiring review.
            labels:
              - security
              - vulnerability
        successCriteria:
          - condition: $statusCode == 201
        outputs:
          issueNumber: $response.body#/number
          issueUrl: $response.body#/html_url
      - stepId: alert-slack
        description: Post a Slack alert summarizing the scan and the new tracking issue.
        operationId: $sourceDescriptions.slackChatApi.postChatPostmessage
        requestBody:
          contentType: application/x-www-form-urlencoded
          payload:
            channel: $inputs.slackChannel
            text: New Sysdig vulnerability findings tracked in GitHub issue.
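        successCriteria:
          - condition: $statusCode == 200
          # Slack's Web API answers HTTP 200 with "ok": false when it rejects a call,
          # so the status code alone does not confirm that the alert was posted.
          - condition: $response.body#/ok == true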
        outputs:
          messageTs: $response.body#/ts
    outputs:
      vulnCount: $steps.get-vulnerabilities.outputs.vulnCount
      issueUrl: $steps.open-issue.outputs.issueUrl
      messageTs: $steps.alert-slack.outputs.messageTs
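
An added example, not part of the published specification: a data-flow lint over a constructed, condensed copy of the workflow's step wiring. It lists declared step outputs that nothing consumes and steps that read nothing from earlier steps, which for this workflow shows that `scanStatus` is never checked and that `findings` and `issueUrl` never reach the issue body or the Slack text. The `WORKFLOW` dictionary layout and the `lint_dataflow` name are assumptions made for the example.

```python
import re

# Constructed, condensed copy of the step wiring in the specification above.
# "sends" holds each step's parameter values and payload strings.
WORKFLOW = {
    "inputs": ["imagePullString", "imageId", "owner", "repo", "slackChannel"],
    "steps": [
        {"stepId": "trigger-scan", "outputs": ["scanStatus"],
         "sends": ["$inputs.imagePullString"]},
        {"stepId": "get-vulnerabilities", "outputs": ["vulnCount", "findings"],
         "sends": ["$inputs.imageId"]},
        {"stepId": "open-issue", "outputs": ["issueNumber", "issueUrl"],
         "sends": ["$inputs.owner", "$inputs.repo",
                   "Sysdig vulnerability findings for image",
                   "A Sysdig Secure scan returned vulnerability findings requiring review."]},
        {"stepId": "alert-slack", "outputs": ["messageTs"],
         "sends": ["$inputs.slackChannel",
                   "New Sysdig vulnerability findings tracked in GitHub issue."]},
    ],
    "outputs": ["$steps.get-vulnerabilities.outputs.vulnCount",
                "$steps.open-issue.outputs.issueUrl",
                "$steps.alert-slack.outputs.messageTs"],
}
STEP_REF = re.compile(r"\$steps\.([\w-]+)\.outputs\.([\w-]+)")
INPUT_REF = re.compile(r"\$inputs\.([\w-]+)")

def lint_dataflow(wf):
    """Return (unused_outputs, undefined_refs, isolated_steps) for one workflow."""
    declared, used, undefined, isolated = [], set(), [], []
    def resolve(text):
        # Record every $steps/$inputs reference in text; return the step refs found.
        refs = STEP_REF.findall(text)
        for ref in refs:
            if ref in declared:
                used.add(ref)
            else:
                undefined.append("$steps.%s.outputs.%s" % ref)
        undefined.extend("$inputs." + name for name in INPUT_REF.findall(text)
                         if name not in wf["inputs"])
        return refs
    for step in wf["steps"]:
        refs = resolve(" ".join(step["sends"]))
        # A later step that reads nothing from earlier steps sends static content.
        if declared and not refs:
            isolated.append(step["stepId"])
        declared.extend((step["stepId"], out) for out in step["outputs"])
    resolve(" ".join(wf["outputs"]))  # workflow-level outputs also count as use
    unused = ["%s.%s" % pair for pair in declared if pair not in used]
    return unused, undefined, isolated
```

Embedding an expression such as `{$steps.open-issue.outputs.issueUrl}` in a step's payload string removes that step from the isolated list.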