{ "name": "Scan code repositories for governance issues with GPT-4o and severity-based reports", "nodes": [ { "id": "549c2193-8d14-47f9-a39d-222633a16088", "name": "Start Governance Scan", "type": "n8n-nodes-base.manualTrigger", "position": [ 256, 928 ] }, { "id": "79799d43-0c8f-47ca-b19d-bab1c71905d5", "name": "Extract Repository Metadata", "type": "n8n-nodes-base.ssh", "position": [ 480, 928 ] }, { "id": "f1634f4b-3e2b-4e8f-8313-afb16af8d519", "name": "Governance Orchestrator Agent", "type": "@n8n/n8n-nodes-langchain.agent", "position": [ 1272, 928 ] }, { "id": "e2eecec5-95bf-4b43-bbda-a4e8f0d8fdc3", "name": "Orchestrator Model", "type": "@n8n/n8n-nodes-langchain.lmChatOpenAi", "position": [ 704, 1152 ] }, { "id": "cb409eaf-2754-420f-a176-3edb4140c0d9", "name": "Static Code Analysis Agent", "type": "@n8n/n8n-nodes-langchain.agentTool", "position": [ 832, 1152 ] }, { "id": "e4e0b9fc-c39f-444b-a85a-e026644f61f8", "name": "Static Analysis Model", "type": "@n8n/n8n-nodes-langchain.lmChatOpenAi", "position": [ 912, 1360 ] }, { "id": "08ad314d-7cfa-4d1e-b9dd-c970029d021a", "name": "Architectural Compliance Agent", "type": "@n8n/n8n-nodes-langchain.agentTool", "position": [ 1120, 1152 ] }, { "id": "289eb137-4135-4ec2-b5d2-adb25ded4522", "name": "Architectural Analysis Model", "type": "@n8n/n8n-nodes-langchain.lmChatOpenAi", "position": [ 1200, 1360 ] }, { "id": "9afb42cf-4ac3-4654-b6a8-a8a4d8809ccc", "name": "CTO Report Generation Agent", "type": "@n8n/n8n-nodes-langchain.agentTool", "position": [ 1408, 1152 ] }, { "id": "a13811b9-9501-4b15-924c-8dcbd8f74261", "name": "Report Generation Model", "type": "@n8n/n8n-nodes-langchain.lmChatOpenAi", "position": [ 1488, 1360 ] }, { "id": "fae9f570-0ade-4e6f-815c-4a55ec136ae9", "name": "Structured Governance Output", "type": "@n8n/n8n-nodes-langchain.outputParserStructured", "position": [ 1984, 1152 ] }, { "id": "336cd47c-bc15-4c84-be71-fad2b77dd04b", "name": "Format Final Report", "type": "n8n-nodes-base.set", "position": [ 2192, 928 ] }, { "id": "4ad2e870-4848-4009-9584-e0729f477018", "name": "Check Critical Issues Threshold", "type": "n8n-nodes-base.if", "position": [ 2416, 928 ] }, { "id": "263e78ff-4b89-42b3-b26a-d0d025234ea6", "name": "Security Vulnerability Scanner Agent", "type": "@n8n/n8n-nodes-langchain.agentTool", "position": [ 1696, 1152 ] }, { "id": "df83aed4-3a5d-401e-8e87-e26fdd0d9752", "name": "Security Analysis Model", "type": "@n8n/n8n-nodes-langchain.lmChatOpenAi", "position": [ 1776, 1360 ] }, { "id": "d80bfa9b-96d9-4b69-9894-08177a813765", "name": "Aggregate Critical Findings", "type": "n8n-nodes-base.aggregate", "position": [ 3312, 832 ] }, { "id": "89960bd6-e2f9-489c-9fd1-0e5a8f712bd4", "name": "Prepare Escalation Alert", "type": "n8n-nodes-base.set", "position": [ 2640, 832 ] }, { "id": "04d64000-10e4-4a75-a8b8-94e42ecdcf76", "name": "Log Standard Report", "type": "n8n-nodes-base.set", "position": [ 3312, 1096 ] }, { "id": "1bb30211-8614-47c6-bb86-8dbdc65e9051", "name": "Route by Severity Level", "type": "n8n-nodes-base.switch", "position": [ 2864, 832 ] }, { "id": "07dfb175-1339-49da-a927-ff3d4406b67b", "name": "Merge Analysis Paths", "type": "n8n-nodes-base.merge", "position": [ 3536, 928 ] }, { "id": "e07e59a1-6397-49f3-ba04-bdd3516d376d", "name": "Critical Severity Handler", "type": "n8n-nodes-base.set", "position": [ 3088, 736 ] }, { "id": "338e6a92-7811-45de-8583-835ea760030c", "name": "Medium Severity Handler", "type": "n8n-nodes-base.set", "position": [ 3088, 928 ] }, { "id": "941713dc-4c2c-41b5-8c3d-c9d630753e5a", "name": "Enrich Final Output", "type": "n8n-nodes-base.set", "position": [ 3760, 928 ] }, { "id": "755c0191-cafd-487c-87c5-43b38a555193", "name": "Sticky Note", "type": "n8n-nodes-base.stickyNote", "position": [ 1584, 304 ], "parameters": { "width": 464, "height": 320, "content": "## Prerequisites\n- OpenAI or compatible LLM API credentials\n- Git repository access (GitHub, GitLab, or Bitbucket API)\n- Notification channel (Slack, email, or webhook)\n## Use Cases\n- Automated pre-re" } }, { "id": "42baff24-153d-43c8-aca5-15b173f49474", "name": "Sticky Note1", "type": "n8n-nodes-base.stickyNote", "position": [ 1056, 384 ], "parameters": { "width": 416, "height": 224, "content": "## Setup Steps\n1. Configure `Extract Repository Metadata` with your Git provider or repository API credentials.\n2. Set severity thresholds in the `Check Critical Issues Threshold` node to match your g" } }, { "id": "fa8db4bf-223c-41bb-a122-745a9fae2ff6", "name": "Sticky Note2", "type": "n8n-nodes-base.stickyNote", "position": [ 256, 352 ], "parameters": { "width": 720, "height": 256, "content": "## How It Works\nThis workflow automates end-to-end code repository governance scanning using a multi-agent AI orchestration system. Designed for engineering leads, DevSecOps teams, and CTOs, it replac" } }, { "id": "898284e8-d79b-4f03-979a-81ed020ae875", "name": "Sticky Note3", "type": "n8n-nodes-base.stickyNote", "position": [ 2384, 704 ], "parameters": { "width": 848, "height": 608, "content": "## Severity Routing\n**What** — Routes findings to Critical or Medium severity handlers.\n**Why** — Prioritises escalation paths based on risk level automatically." } }, { "id": "8bdf27b5-618a-4951-9e39-c85ed36cb825", "name": "Sticky Note4", "type": "n8n-nodes-base.stickyNote", "position": [ 2144, 720 ], "parameters": { "width": 224, "height": 816, "content": "## Format Report\n**What** — Consolidates agent outputs into a structured governance report.\n**Why** — Ensures consistent, readable output before severity assessment." } }, { "id": "d3825d03-4629-493b-9ba4-253844ac13d6", "name": "Sticky Note5", "type": "n8n-nodes-base.stickyNote", "position": [ 192, 720 ], "parameters": { "width": 1920, "height": 816, "content": "## Extract, Orchestrator & Sub-Agents\n**What** — Coordinates static code, architecture, CTO report, and security agents.\n**Why** — Decomposes governance into specialised tasks for higher accuracy." } }, { "id": "fe43803d-6563-4bf5-8803-7b06971abaf1", "name": "Sticky Note6", "type": "n8n-nodes-base.stickyNote", "position": [ 3248, 688 ], "parameters": { "width": 784, "height": 736, "content": "## Aggregate, Merge & Deliver\n**What** — Aggregates critical findings, merges all analysis paths, enriches output, and logs the standard report.\n**Why** — Unifies parallel outputs into a single audit-" } } ], "connections": { "Orchestrator Model": { "ai_languageModel": [ [ { "node": "Governance Orchestrator Agent", "type": "ai_languageModel", "index": 0 } ] ] }, "Enrich Final Output": { "main": [ [] ] }, "Format Final Report": { "main": [ [ { "node": "Check Critical Issues Threshold", "type": "main", "index": 0 } ] ] }, "Log Standard Report": { "main": [ [ { "node": "Merge Analysis Paths", "type": "main", "index": 0 } ] ] }, "Merge Analysis Paths": { "main": [ [ { "node": "Enrich Final Output", "type": "main", "index": 0 } ] ] }, "Start Governance Scan": { "main": [ [ { "node": "Extract Repository Metadata", "type": "main", "index": 0 } ] ] }, "Static Analysis Model": { "ai_languageModel": [ [ { "node": "Static Code Analysis Agent", "type": "ai_languageModel", "index": 0 } ] ] }, "Medium Severity Handler": { "main": [ [ { "node": "Aggregate Critical Findings", "type": "main", "index": 0 } ] ] }, "Report Generation Model": { "ai_languageModel": [ [ { "node": "CTO Report Generation Agent", "type": "ai_languageModel", "index": 0 } ] ] }, "Route by Severity Level": { "main": [ [ { "node": "Critical Severity Handler", "type": "main", "index": 0 } ], [ { "node": "Medium Severity Handler", "type": "main", "index": 0 } ] ] }, "Security Analysis Model": { "ai_languageModel": [ [ { "node": "Security Vulnerability Scanner Agent", "type": "ai_languageModel", "index": 0 } ] ] }, "Prepare Escalation Alert": { "main": [ [ { "node": "Route by Severity Level", "type": "main", "index": 0 } ] ] }, "Critical Severity Handler": { "main": [ [ { "node": "Aggregate Critical Findings", "type": "main", "index": 0 } ] ] }, "Static Code Analysis Agent": { "ai_tool": [ [ { "node": "Governance Orchestrator Agent", "type": "ai_tool", "index": 0 } ] ] }, "Aggregate Critical Findings": { "main": [ [ { "node": "Merge Analysis Paths", "type": "main", "index": 1 } ] ] }, "CTO Report Generation Agent": { "ai_tool": [ [ { "node": "Governance Orchestrator Agent", "type": "ai_tool", "index": 0 } ] ] }, "Extract Repository Metadata": { "main": [ [ { "node": "Governance Orchestrator Agent", "type": "main", "index": 0 } ] ] }, "Architectural Analysis Model": { "ai_languageModel": [ [ { "node": "Architectural Compliance Agent", "type": "ai_languageModel", "index": 0 } ] ] }, "Structured Governance Output": { "ai_outputParser": [ [ { "node": "Governance Orchestrator Agent", "type": "ai_outputParser", "index": 0 } ] ] }, "Governance Orchestrator Agent": { "main": [ [ { "node": "Format Final Report", "type": "main", "index": 0 } ] ] }, "Architectural Compliance Agent": { "ai_tool": [ [ { "node": "Governance Orchestrator Agent", "type": "ai_tool", "index": 0 } ] ] }, "Check Critical Issues Threshold": { "main": [ [ { "node": "Prepare Escalation Alert", "type": "main", "index": 0 } ], [ { "node": "Log Standard Report", "type": "main", "index": 0 } ] ] }, "Security Vulnerability Scanner Agent": { "ai_tool": [ [ { "node": "Governance Orchestrator Agent", "type": "ai_tool", "index": 0 } ] ] } } }