Automated Vulnerability Report For NPM Packages
In this tutorial, we will create our very first workflow using the AI Agent Sandbox example in GripoFlow.
JavaScript Package Vulnerability Scanner Workflow
This workflow will:
- Fetch JavaScript packages from a GitHub repository
- Scan packages for vulnerabilities
- Generate a detailed security report
- Automatically send the report through email
Prerequisites
Before starting, make sure:
- You already have a GripoGPT connection configured
- You already have sandboxes created that will be used in this workflow
Step 1: Create Workflow
Go to the Workflow section and click on Create Workflow.
Fill in the workflow details:
- Name: JavaScript Package Vulnerability Scanner
- Description: Workflow to scan JavaScript packages and send vulnerability reports
- Retries: Configure if needed
- Tags: Add tags according to your project
- Trigger Type: Select On Demand
You can skip the second step or optionally add variables.
Click on the Submit button.
Step 2: Add Get Packages Sandbox
Now the workflow is created.
Click on the Plus (+) button to add a new node.
From the applications list:
- Select Sandbox
- Choose Bash from the action list
A form will appear.
Inside the form:
- Select Get Packages JSON Sandbox from the dropdown
- Go to the Script field
- Paste the script for fetching packages from the GitHub repository
This script will fetch package JSON files from the repository.
Click on the Submit button.
The first sandbox is now added successfully.
Step 3: Add Review Packages Sandbox
Click on the Plus (+) button again.
From the applications list:
- Select Sandbox
- Choose Bash
Now select:
Review Packages JSON Sandbox
Go to the Script field and paste the review script.
This sandbox will:
- Scan all JSON packages
- Detect vulnerabilities
- Identify outdated versions
- Review security issues
Click on the Submit button.
Now the workflow will automatically review and analyze all package files.
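The tutorial does not reproduce the review script. As an added example (not GripoFlow's script and not from the original page), this shell function shows one check a review step could run on a fetched package.json: flagging dependency specifiers that do not pin an exact registry version. The function names, severity labels and sample manifest are assumptions made for illustration, and the parser assumes one "name": "spec" pair per line.

```shell
# Added example, not GripoFlow's script: flag dependency specifiers in a package.json
# that do not pin an exact registry version. Assumes one "name": "spec" pair per line.
# review_manifest FILE -> "SEVERITY<TAB>section<TAB>name<TAB>spec<TAB>reason" per finding
review_manifest() {
  awk '
    function unquote(s) { sub(/^[^"]*"/, "", s); sub(/".*$/, "", s); return s }
    /"(dependencies|devDependencies|optionalDependencies)"[ \t]*:/ && index($0, "{") {
      section = unquote($0)
      if (index($0, "}")) section = ""        # empty object on one line
      next
    }
    section == "" { next }                    # outside a dependency block
    index($0, "}") { section = ""; next }     # dependency block closed
    /"[^"]+"[ \t]*:[ \t]*"[^"]*"/ {
      name = unquote($0)
      spec = $0; sub(/^[^:]*:[ \t]*/, "", spec); spec = unquote(spec)
      if (spec ~ /^[0-9]+\.[0-9]+\.[0-9]+([-+][0-9A-Za-z.-]+)?$/) next   # exact pin
      sev = "LOW"; why = "range; installed version depends on the lockfile"
      if (spec == "" || spec == "*" || spec == "x" || spec == "latest") { sev = "HIGH"; why = "accepts any published version" }
      else if (spec ~ /^(http|git):/) { sev = "HIGH"; why = "fetched over an unauthenticated transport" }
      else if (spec ~ /^(git\+|https:|github:|file:)/) { sev = "MEDIUM"; why = "not a registry version; review the source by hand" }
      printf "%s\t%s\t%s\t%s\t%s\n", sev, section, name, spec, why
    }
  ' "$1"
}

# count_findings FILE SEVERITY -> number of findings at that severity
count_findings() {
  review_manifest "$1" | awk -F '\t' -v s="$2" '$1 == s { n++ } END { print n + 0 }'
}
# Constructed sample manifest (not from any real project).
SAMPLE=$(mktemp); trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
{
  "scripts": { "test": "node test.js" },
  "dependencies": {
    "alpha-lib": "1.2.3",
    "beta-lib": "^4.17.0",
    "gamma-lib": "*",
    "delta-lib": "http://example.invalid/delta-lib-1.0.0.tgz"
  },
  "devDependencies": {
    "epsilon-lib": "git+https://example.invalid/epsilon-lib.git",
    "zeta-lib": "latest"
  },
  "optionalDependencies": {}
}
EOF
review_manifest "$SAMPLE"
```

This check complements an advisory-database scan rather than replacing it: it reports how versions are selected, not which versions have known vulnerabilities.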
Step 4: Create Final Report
To generate the final vulnerability report, add another sandbox.
Click on the Plus (+) button.
Then:
- Select Sandbox
- Choose Bash
From the dropdown, select:
Template Report Sandbox
Now go to the Script field and paste the report generation script.
This sandbox will generate a complete formatted vulnerability report using the scan results.
Click on the Submit button.
Step 5: Send Report Through Email
Now we will send the generated report through email automatically.
Click on the Plus (+) button again.
From the applications list:
- Select Email
A form will appear.
Fill in the required details:
- Recipient email
- Sender email
- Connection
- Message body
- Email format
- Email subject
After filling out the form, click on the Submit button.
Step 6: Save and Run Workflow
Now your workflow is ready.
Click on the Save button to save the workflow.
After saving, click on the Run button to test whether the workflow is working correctly.
The workflow will now:
- Fetch packages from the GitHub repository
- Review package vulnerabilities
- Generate a detailed report
- Send the report automatically through email
Step 7: Monitor Workflow Execution
You can monitor every step of the workflow from the Execution section.
Inside Execution logs, you can view:
- Activity logs
- Outputs
- Errors
- Sandbox execution details
- Email delivery status
This helps you debug and monitor your workflow in real time.
Conclusion
With GripoFlow, you can automate complex security and DevOps tasks using AI agents and sandbox environments without manual effort.
Using reusable sandboxes and automated workflows, teams can build faster, smarter, and more reliable security operations directly inside GripoFlow.
For a complete visual walkthrough of this workflow, you can watch the video tutorial below to see each step in action.