Quick overview
This workflow runs hourly to monitor n8n-related security information from GitHub Advisories, NVD (NIST) CVE data, GitHub n8n security release notes, and JPCERT/JVN RSS feeds, then summarizes new findings with Anthropic Claude and posts an alert to Slack.
How it works
- Runs every hour on a schedule.
- Fetches the latest items from the GitHub Advisory API, the NVD CVE API, the n8n GitHub Releases Atom feed, and the JPCERT and JVN RSS feeds.
- Parses the XML feeds, normalizes all sources into a single list of n8n-related security items, and removes duplicates and previously notified items using stored IDs.
- Checks whether any new items were found and stops if there are none.
- Sends the new items to Anthropic Claude to generate a concise Japanese summary including importance, affected product, and urgency.
- Formats a Slack Block Kit message and posts the alert to the configured Slack channel.
- Saves the notified item IDs to workflow static data to prevent repeat notifications in future runs.
Setup
- Create an NVD API key and add it as an HTTP Header Auth credential named (or mapped to)
NVD_API_Key with header name apiKey.
- Add an Anthropic API credential for the Claude model used in the summarization step.
- Add a Slack OAuth2 credential and set the target channel name (for example,
#security-alerts) in the Slack message step.
Requirements
- n8n (self-hosted or Cloud)
- NVD API key (free, request at https://nvd.nist.gov/developers/request-an-api-key)
- Anthropic API key (paid, Claude Haiku recommended for cost efficiency)
- Slack workspace with permission to create a Bot App (chat:write, chat:write.public scopes)
Customization
- To monitor a different package instead of n8n, update the query parameters in the GitHub Advisory API and NVD CVE API nodes, and change the filter condition (
name === 'n8n') inside the New Item Filter code node.
- To change the run frequency, edit the interval on the "1h Schedule" node.
- To use a different AI model (e.g
Additional info
Known limitations:
- GitHub Advisory API and NVD API responses are capped at 10 results per call. If more than 10 new items appear within a single hour, the excess items may be missed in that run.
- The n8n release-notes filter only matches titles containing the word "security". Releases with different wording may not be detected.
- The GitHub Advisory API's
package query parameter does not reliably filter results server-side; this workflow re-filters client-side inside the Code node to ensure only n8n-related advisories are reported.
Troubleshooting tip: n8n's Slack node requires the Blocks field to be wrapped as {"blocks": [...]} rather than a bare array — passing a plain array silently falls back to plain text instead of rendering Block Kit.