Dependency Vulnerability Scanner
Daily scan: fetch dependency vulnerabilities (npm, Python, Go, etc.), LLM summarizes critical/high CVEs, affected packages, and patch steps — posted to #security.
Overview
**What it does**: Daily schedule → run or fetch dependency scan (Snyk, Dependabot, npm audit, safety, Trivy SBOM) → code filters by severity (critical/high) → IF any critical/high → LLM summarizes: CVE details, affected packages, patch recommendations (version bump, security patch, deprecation notice) → Slack to #security with count-by-severity + action items. **Setup (4 steps)**: 1. Connect scanner: Snyk, Dependabot (GitHub), npm audit, Python safety, or Trivy (API + token) 2. Add OpenAI credentials: for CVE explanation 3. Configure Slack channel: #security 4. Test: run scan manually; check Slack digest format **Apps/nodes**: Schedule, HTTP request (scan API), code node (severity filter), OpenAI (explanation), Slack. **Credentials required**: Dependency scanner API key, OpenAI account, Slack workspace. **Difficulty**: Easy | **Setup time**: 5 minutes. **Business outcome**: Supply-chain security ↑ proactive visibility, CVE response time ↓ 80%, compliance audits ↑ confidence, patch fatigue ↓ (prioritized not "all-or-nothing").
What's included
Quickstart
- 01
Download the JSON
With an active Library Pass, download the workflow file right from this page or your dashboard.
- 02
Import into n8n
Choose Import from File and select the downloaded JSON. The full agent graph appears, ready to configure.
- 03
Plug in credentials
Each integration node prompts for credentials on first run. The setup guide lists every credential the agent expects.
- 04
Activate and test
Run once with sample input, confirm the expected output, then flip the activate toggle.
Frequently Asked Questions
How do I import this workflow into n8n?
What credentials do I need to provide?
Are the credentials included in the JSON file?
Can I edit or customize the workflow after importing?
What n8n version is required?
What if something breaks after I import it?
Can I use this workflow for my customers or business?
Will the workflow receive updates?
Do I need n8n Pro or a paid plan?
Can I ask for a custom workflow?
Reviews (0)
No reviews yet. Be the first.
Sign in to leave a review.
Included with any pass
This agent — and every other in the library — comes with a Library Pass. One pass, the whole catalog.
Get a Library Pass- Every agent in the library
- All new releases while active
- Unlimited downloads
- Commercial-use license
- Priority email support
- 30-day money-back guarantee
More in Security
Compliance Audit Report Generator
Monthly: compile audit logs by category, detect anomalies (unusual access, unlogged actions), LLM generates executive compliance report — save to doc store, notify audit team.
DNS/SSL Expiry Monitor
Weekly SSL/DNS certificate check: identify expiring certs (<30 days), alert team with expiry dates and remediation steps.
Docker CVE Scan Digest
Daily: pull latest container scan results (Trivy, Snyk), LLM summarizes high/critical CVEs, affected packages, and remediation steps — posted to #security.