Sysdig · Arazzo Workflow

Sysdig Scanned Image Inventory Review

Version 1.0.0

List scanned images, pick the first, and pull its vulnerabilities and SBOM.

1 workflow, 1 source API, 1 provider
Tags: Cloud Security, Containers, Kubernetes, Runtime Security, Security, Vulnerability Management, Monitoring, Observability, CSPM, Compliance, Arazzo, Workflows

Provider

sysdig

Workflows

scanned-image-inventory-review
Walk the scanned-image inventory and inspect the first image.
Lists scanned images, takes the first image id, and retrieves both its vulnerability findings and its SBOM.
3 steps
Inputs: bearerToken, limit
Outputs: fullTag, imageId, sbomComponents, vulnerabilities

1. listImages (operation: listScannedImages)
   Retrieve the inventory of scanned container images.
2. getVulns (operation: getImageVulnerabilities)
   Retrieve the vulnerability findings for the first scanned image.
3. getSbom (operation: getImageSBOM)
   Retrieve the SBOM for the first scanned image.

Source API Descriptions

Arazzo Workflow Specification

sysdig-scanned-image-inventory-workflow.yml
arazzo: 1.0.1
info:
  title: Sysdig Scanned Image Inventory Review
  summary: List scanned images, pick the first, and pull its vulnerabilities and SBOM.
  description: >-
    An inventory review flow against Sysdig Secure. It lists all container
    images that have been scanned, selects the first image from the inventory,
    retrieves that image's vulnerability findings, and pulls its SBOM so a
    reviewer can assess the most recently catalogued image end to end. Every
    step spells out its request inline so the flow can be read and executed
    without opening the underlying OpenAPI description.
  version: 1.0.0
sourceDescriptions:
- name: sysdigSecure
  url: ../openapi/sysdig-secure-openapi.yml
  type: openapi
workflows:
- workflowId: scanned-image-inventory-review
  summary: Walk the scanned-image inventory and inspect the first image.
  description: >-
    Lists scanned images, takes the first image id, and retrieves both its
    vulnerability findings and its SBOM.
  inputs:
    type: object
    required:
    - bearerToken
    properties:
      bearerToken:
        type: string
        description: Sysdig API bearer token used for Authorization.
      limit:
        type: integer
        description: Maximum number of scanned images to list.
        default: 50
  steps:
  - stepId: listImages
    description: Retrieve the inventory of scanned container images.
    operationId: listScannedImages
    parameters:
    - name: Authorization
      in: header
      value: Bearer $inputs.bearerToken
    - name: limit
      in: query
      value: $inputs.limit
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      imageId: $response.body#/images/0/imageId
      fullTag: $response.body#/images/0/fullTag
  - stepId: getVulns
    description: Retrieve the vulnerability findings for the first scanned image.
    operationId: getImageVulnerabilities
    parameters:
    - name: Authorization
      in: header
      value: Bearer $inputs.bearerToken
    - name: imageId
      in: path
      value: $steps.listImages.outputs.imageId
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      vulnerabilities: $response.body#/vulnerabilities
  - stepId: getSbom
    description: Retrieve the SBOM for the first scanned image.
    operationId: getImageSBOM
    parameters:
    - name: Authorization
      in: header
      value: Bearer $inputs.bearerToken
    - name: imageId
      in: path
      value: $steps.listImages.outputs.imageId
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      components: $response.body#/components
  outputs:
    imageId: $steps.listImages.outputs.imageId
    fullTag: $steps.listImages.outputs.fullTag
    vulnerabilities: $steps.getVulns.outputs.vulnerabilities
    sbomComponents: $steps.getSbom.outputs.components
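
Added example, not part of the Sysdig workflow file: a Python dry-run of the workflow's output expressions over constructed responses. It shows that an empty inventory can satisfy the `$statusCode == 200` criterion while leaving `/images/0/imageId` unresolved. The response bodies, the SAMPLE values, and the names resolve_pointer, run_workflow and UnresolvedOutput are assumptions made for illustration.

```python
# Output expressions copied from the workflow's steps, in step order.
STEP_OUTPUTS = {
    "listImages": {"imageId": "$response.body#/images/0/imageId",
                   "fullTag": "$response.body#/images/0/fullTag"},
    "getVulns": {"vulnerabilities": "$response.body#/vulnerabilities"},
    "getSbom": {"components": "$response.body#/components"},
}

# Constructed sample responses (not real Sysdig output); values are placeholders.
SAMPLE = {
    "listImages": (200, {"images": [{"imageId": "img-0001", "fullTag": "registry.example/app:1.0"}]}),
    "getVulns": (200, {"vulnerabilities": [{"name": "CVE-PLACEHOLDER", "severity": "high"}]}),
    "getSbom": (200, {"components": [{"name": "example-lib", "version": "0.0.0"}]}),
}

class UnresolvedOutput(Exception):
    """A step failed its criteria or an output expression matched nothing."""

def resolve_pointer(doc, pointer):
    """Resolve an RFC 6901 JSON Pointer; raise LookupError when it is absent."""
    node = doc
    for raw in pointer.split("/")[1:]:
        token = raw.replace("~1", "/").replace("~0", "~")
        if isinstance(node, list) and token.isdigit() and int(token) < len(node):
            node = node[int(token)]
        elif isinstance(node, dict) and token in node:
            node = node[token]
        else:
            raise LookupError(pointer)
    return node

def run_workflow(responses):
    """responses maps stepId -> (status, body); returns the workflow outputs."""
    steps = {}
    for step_id, exprs in STEP_OUTPUTS.items():
        status, body = responses[step_id]
        if status != 200:  # the only successCriteria each step declares
            raise UnresolvedOutput(f"{step_id}: status {status}")
        steps[step_id] = {}
        for name, expr in exprs.items():
            pointer = expr.split("#", 1)[1]
            try:
                steps[step_id][name] = resolve_pointer(body, pointer)
            except LookupError:
                # A 200 with an empty inventory ends up here, before any
                # later step is sent a request with no imageId.
                raise UnresolvedOutput(f"{step_id}.{name}: {pointer} not in body") from None
    return {"imageId": steps["listImages"]["imageId"], "fullTag": steps["listImages"]["fullTag"],
            "vulnerabilities": steps["getVulns"]["vulnerabilities"],
            "sbomComponents": steps["getSbom"]["components"]}
```

Calling run_workflow(SAMPLE) returns the four workflow outputs; replacing the listImages body with {"images": []} raises UnresolvedOutput at listImages.imageId.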