How it works
When a new vendor ticket is created in Jira, this workflow automatically performs a comprehensive security due-diligence investigation and posts the findings back as a Jira comment plus a Slack notification.
- A Jira webhook fires when an issue is created. An AI agent (Grok) extracts the vendor company name, URL, and product from the issue fields.
- A Seed Discovery agent (Claude + Perplexity) finds the vendor's official domains, trust center, privacy policy, and status page URLs — handling domain aliases automatically.
- Seven specialized research agents run in parallel, each with a focused persona: Compliance, Data Handling, Privacy & Legal, Security Controls, Availability, Pricing, and Company Intel. All use Perplexity sonar-pro-search for live web research.
- A Sanitizer code node strips unpredictable LLM formatting from all 7 outputs.
- A Lead Security Analyst agent (Grok) synthesizes all findings into a risk-scored report, generating Jira Wiki Markup and Slack Block Kit JSON simultaneously.
- The report is posted as a comment on the original Jira ticket, and a rich Slack notification with a "View Report in Jira" button is sent to your security channel.
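The Sanitizer step described above, sketched as an added example (this is not the workflow's own Code node). The research text comes from live web pages, so it is handled as untrusted input before the Lead Security Analyst agent sees it. The agent keys, the `output` field name, the length cap and the exact set of stripped patterns are assumptions.

```javascript
// Added example, not the workflow's own code. AGENTS keys, the `output`
// field and MAX_CHARS are assumptions about how the seven results arrive.
const AGENTS = ['compliance', 'dataHandling', 'privacyLegal',
  'securityControls', 'availability', 'pricing', 'companyIntel'];
const MAX_CHARS = 6000; // assumed cap so one verbose agent cannot crowd out the rest

function sanitizeAgentOutput(raw) {
  if (raw === null || raw === undefined) return '';
  // Agents sometimes return an object instead of text; serialize it.
  let text = typeof raw === 'string' ? raw : JSON.stringify(raw);
  text = text
    .replace(/\r\n?/g, '\n')                              // normalize line endings
    .replace(/<think>[\s\S]*?<\/think>/gi, '')            // leaked reasoning blocks
    .replace(/```[a-zA-Z0-9_-]*\n?([\s\S]*?)```/g, '$1')  // unwrap code fences, keep content
    .replace(/[\u200B-\u200D\u2060\uFEFF]/g, '')          // zero-width (hidden) characters
    .replace(/[\u0000-\u0008\u000B\u000C\u000E-\u001F\u007F]/g, '') // control chars, keeps \t \n
    .replace(/^[ \t]{0,3}#{1,6}[ \t]+/gm, '')             // markdown heading prefixes
    .replace(/\*\*(.+?)\*\*/g, '$1')                      // markdown bold markers
    .replace(/[ \t]+\n/g, '\n')                           // trailing whitespace
    .replace(/\n{3,}/g, '\n\n')                           // runs of blank lines
    .trim();
  return text.length > MAX_CHARS
    ? text.slice(0, MAX_CHARS) + ' [truncated]'
    : text;
}

// Returns one clean string per agent. A missing or empty result becomes an
// explicit marker, so the synthesis step can tell "no data" from "no risk".
function sanitizeAll(results) {
  const clean = {};
  for (const name of AGENTS) {
    const text = sanitizeAgentOutput(results[name] && results[name].output);
    clean[name] = text || 'No findings returned.';
  }
  return clean;
}
```

In an n8n Code node the result would be returned as `[{ json: sanitizeAll(merged) }]`, where `merged` is a hypothetical object holding the seven agent results.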
Set up steps
- OpenRouter — Create an OpenRouter account and add an API credential in n8n. The workflow uses three models: x-ai/grok-4-fast, anthropic/claude-sonnet-4.5, and perplexity/sonar-pro-search (~10 min)
- Jira — Add a Jira credential (API token) and configure a Jira webhook automation to POST to this workflow's webhook URL when an issue is created in your vendor-review project (~10 min)
- Slack — Add a Slack credential (OAuth) and set your target channel in the "Send a message" node (~5 min)
- Jira URL — In the "AI Agent" node, replace YOUR-JIRA-DOMAIN in the Jira Browser URL with your actual Atlassian domain (~1 min)