Docker CVE Scan Digest
Daily: pull latest container scan results (Trivy, Snyk), LLM summarizes high/critical CVEs, affected packages, and remediation steps — posted to #security.
Overview
**What it does**: Daily schedule (9am default) → HTTP request to container registry (ECR, Docker Hub, Artifactory, Snyk) → fetch latest Trivy/Snyk scan results → LLM counts CVEs by severity (critical, high, medium), lists top 3 affected packages, recommends fixes (base image bump, dependency update, patch version) → Slack to #security with digest and priority. **Setup (4 steps)**: 1. Connect registry: AWS ECR, Docker Hub, Artifactory, or Snyk (API endpoint + token) 2. Add OpenAI credentials: for vulnerability summarization 3. Configure Slack channel: #security 4. Test: run query manually; verify scan results appear; check digest formatting **Apps/nodes**: Schedule, HTTP request (registry API), OpenAI (summarization), Slack. **Credentials required**: Container registry API key, OpenAI account, Slack workspace. **Difficulty**: Easy | **Setup time**: 6 minutes. **Business outcome**: Security team tracks CVEs proactively (not reactively on incident) → patch window ↓ 50%, vulnerability drift ↓ visibility ↑.
What's included
Quickstart
- 01
Download the JSON
With an active Library Pass, download the workflow file right from this page or your dashboard.
- 02
Import into n8n
Choose Import from File and select the downloaded JSON. The full agent graph appears, ready to configure.
- 03
Plug in credentials
Each integration node prompts for credentials on first run. The setup guide lists every credential the agent expects.
- 04
Activate and test
Run once with sample input, confirm the expected output, then flip the activate toggle.
Frequently Asked Questions
How do I import this workflow into n8n?
What credentials do I need to provide?
Are the credentials included in the JSON file?
Can I edit or customize the workflow after importing?
What n8n version is required?
What if something breaks after I import it?
Can I use this workflow for my customers or business?
Will the workflow receive updates?
Do I need n8n Pro or a paid plan?
Can I ask for a custom workflow?
Reviews (0)
No reviews yet. Be the first.
Sign in to leave a review.
Included with any pass
This agent — and every other in the library — comes with a Library Pass. One pass, the whole catalog.
Get a Library Pass- Every agent in the library
- All new releases while active
- Unlimited downloads
- Commercial-use license
- Priority email support
- 30-day money-back guarantee
More in Security
Compliance Audit Report Generator
Monthly: compile audit logs by category, detect anomalies (unusual access, unlogged actions), LLM generates executive compliance report — save to doc store, notify audit team.
Dependency Vulnerability Scanner
Daily scan: fetch dependency vulnerabilities (npm, Python, Go, etc.), LLM summarizes critical/high CVEs, affected packages, and patch steps — posted to #security.
DNS/SSL Expiry Monitor
Weekly SSL/DNS certificate check: identify expiring certs (<30 days), alert team with expiry dates and remediation steps.