lab/nusquama-n8nworkflows-xyz
1
0
Fork 0
mirror of https://github.com/nusquama/n8nworkflows.xyz.git synced 2025-11-26 17:25:36 +08:00
Code Issues Packages Projects Releases Wiki Activity

creation

Browse Source
This commit is contained in:
nusquama
2025-11-25 10:38:49 +01:00
parent 3b03e1df13
commit c273cafe3b
1 changed files with 330 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

330
workflows/Audit Website Security Headers with AI Remediation and Google Sheets Reporting-10990/readme-10990.md Normal file
View File

@@ -0,0 +1,330 @@
Audit Website Security Headers with AI Remediation and Google Sheets Reporting
https://n8nworkflows.xyz/workflows/audit-website-security-headers-with-ai-remediation-and-google-sheets-reporting-10990
# Audit Website Security Headers with AI Remediation and Google Sheets Reporting
### 1. Workflow Overview
This workflow automates the auditing of website security headers, provides AI-driven remediation suggestions, and reports results into Google Sheets. It is designed for security analysts, DevOps teams, or website administrators who want continuous monitoring and actionable insights on HTTP security headers.
The logic is grouped into these blocks:
- **1.1 Input Reception:** Receives URLs via form input to define audit targets.
- **1.2 Header Retrieval & Parsing:** Fetches HTTP headers from the URLs and processes them.
- **1.3 Security Scoring & Grading:** Analyzes parsed headers to compute security scores and grades.
- **1.4 AI Remediation:** Uses AI to suggest remediation steps based on header analysis.
- **1.5 Report Formatting & Export:** Formats the audit results and exports them to Google Sheets.
- **1.6 Alerting:** Builds and sends alert emails summarizing the audit and remediation.
---
### 2. Block-by-Block Analysis
#### 2.1 Input Reception
- **Overview:** Receives a list of URLs via a form trigger to start the audit process.
- **Nodes Involved:** Form Input, URL List
- **Node Details:**
- **Form Input**
- Type: `formTrigger`
- Role: Entry point that listens for external form submissions containing URLs to audit.
- Configuration: Webhook URL exposed for form submissions.
- Inputs: External HTTP form data.
- Outputs: URL list to next node.
- Edge Cases: Missing or invalid URL input could cause failures downstream if not validated.
- **URL List**
- Type: `set`
- Role: Prepares or formats the list of URLs for processing.
- Configuration: Likely sets or reshapes the input data.
- Inputs: From Form Input.
- Outputs: Passed to Fetch Headers.
- Edge Cases: Empty or malformed URL lists can halt processing.
#### 2.2 Header Retrieval & Parsing
- **Overview:** Fetches HTTP headers from each URL and parses them for further analysis.
- **Nodes Involved:** Fetch Headers, Parse Headers
- **Node Details:**
- **Fetch Headers**
- Type: `httpRequest`
- Role: Sends HTTP requests to target URLs to retrieve headers.
- Configuration: Likely configured to perform HEAD or GET requests, with focus on header retrieval.
- Inputs: URL list.
- Outputs: HTTP response headers to Parse Headers.
- Edge Cases: Request timeouts, HTTP errors (404, 500), redirects, or invalid URLs.
- **Parse Headers**
- Type: `code`
- Role: Custom JavaScript code that extracts and normalizes security-related headers from the HTTP response.
- Inputs: HTTP headers from Fetch Headers.
- Outputs: Parsed header objects to Security Scorer.
- Edge Cases: Unexpected header formats or missing expected headers.
#### 2.3 Security Scoring & Grading
- **Overview:** Scores the security posture of the headers and calculates an overall grade.
- **Nodes Involved:** Security Scorer, Grade Calculator, If
- **Node Details:**
- **Security Scorer**
- Type: `code`
- Role: Evaluates each header against best practices and assigns security scores.
- Inputs: Parsed headers.
- Outputs: Scores and scoring details to Grade Calculator.
- Edge Cases: Logic errors in scoring or incomplete header data.
- **Grade Calculator**
- Type: `code`
- Role: Computes an overall letter grade or rating based on scores.
- Inputs: Scores from Security Scorer.
- Outputs: Grade data to conditional logic (If) and formatted report.
- Edge Cases: Calculation errors or unexpected score input.
- **If**
- Type: `if`
- Role: Conditional branching based on grade or score.
- Inputs: Grade data.
- Outputs: Passes to AI Remediation Agent on true branch.
- Edge Cases: Undefined conditions or missing inputs.
#### 2.4 AI Remediation
- **Overview:** Uses AI to generate remediation suggestions for security header weaknesses.
- **Nodes Involved:** AI Remediation Agent, AI Remediation Model, Data Aggregator
- **Node Details:**
- **AI Remediation Model**
- Type: `lmChatOpenRouter` (LangChain OpenAI Chat Model)
- Role: Language model that processes audit data and generates remediation text.
- Inputs: Receives prompts from AI Remediation Agent.
- Outputs: Responses to AI Remediation Agent.
- Configuration: Requires OpenAI credentials and model parameters.
- Edge Cases: API limits, authentication errors, or response latency.
- **AI Remediation Agent**
- Type: `agent` (LangChain Agent)
- Role: Orchestrates AI calls and processes audit data for remediation generation.
- Inputs: Grade data (from If node).
- Outputs: Remediation content to Data Aggregator.
- Edge Cases: Failure to parse AI output or API call failures.
- **Data Aggregator**
- Type: `code`
- Role: Aggregates remediation and scoring data into a structured format.
- Inputs: AI remediation output.
- Outputs: Data to Style Constants.
- Edge Cases: Data mismatch or aggregation errors.
#### 2.5 Report Formatting & Export
- **Overview:** Prepares the final report for export and sends data to Google Sheets.
- **Nodes Involved:** Style Constants, Content Builder, Email Formatter, Format Report, Export to Sheets
- **Node Details:**
- **Style Constants**
- Type: `code`
- Role: Defines styling and formatting constants for reports/emails.
- Inputs: Aggregated data.
- Outputs: Styled data to Content Builder.
- Edge Cases: Missing style definitions.
- **Content Builder**
- Type: `code`
- Role: Constructs the textual and HTML content of the report and email.
- Inputs: Style constants.
- Outputs: Content to Email Formatter.
- **Email Formatter**
- Type: `code`
- Role: Formats content specifically for email delivery.
- Inputs: Content Builder output.
- Outputs: Final email content to Send Alert.
- **Format Report**
- Type: `set`
- Role: Structures the report data for Google Sheets export.
- Inputs: Grade Calculator output.
- Outputs: To Export to Sheets.
- **Export to Sheets**
- Type: `googleSheets`
- Role: Appends or updates the audit data in a configured Google Sheets spreadsheet.
- Inputs: Formatted report.
- Configuration: Requires Google Sheets OAuth2 credentials.
- Edge Cases: API rate limits, permission errors, or sheet not found.
#### 2.6 Alerting
- **Overview:** Sends an email alert with audit and remediation details.
- **Nodes Involved:** Send Alert
- **Node Details:**
- **Send Alert**
- Type: `gmail`
- Role: Sends email alerts based on formatted email content.
- Inputs: Email formatted data.
- Configuration: OAuth2 credentials for Gmail.
- Edge Cases: Authentication errors, email delivery failures, or invalid recipient addresses.
---
### 3. Summary Table
| Node Name | Node Type | Functional Role | Input Node(s) | Output Node(s) | Sticky Note |
|---------------------|------------------------|-----------------------------------------|-----------------------|--------------------------|---------------------------|
| Workflow Documentation | stickyNote | Documentation placeholder | - | - | |
| Setup Instructions | stickyNote | Setup instructions placeholder | - | - | |
| URL List | set | Prepares URL list for processing | Form Input | Fetch Headers | |
| Fetch Headers | httpRequest | Retrieves HTTP headers from URLs | URL List | Parse Headers | |
| Parse Headers | code | Parses raw HTTP headers | Fetch Headers | Security Scorer | |
| Security Scorer | code | Scores security headers | Parse Headers | Grade Calculator | |
| Grade Calculator | code | Calculates overall security grade | Security Scorer | If, Format Report | |
| Format Report | set | Formats data for Google Sheets export | Grade Calculator | Export to Sheets | |
| Export to Sheets | googleSheets | Exports report data to Google Sheets | Format Report | - | |
| Data Aggregator | code | Aggregates AI remediation and audit data | AI Remediation Agent | Style Constants | |
| Style Constants | code | Defines styling constants for reports/emails| Data Aggregator | Content Builder | |
| Content Builder | code | Builds content for email and reports | Style Constants | Email Formatter | |
| Email Formatter | code | Formats final email content | Content Builder | Send Alert | |
| Send Alert | gmail | Sends email alert | Email Formatter | - | |
| If | if | Conditional branch on audit grade | Grade Calculator | AI Remediation Agent | |
| AI Remediation Agent| agent (LangChain) | Orchestrates AI remediation suggestions | If | Data Aggregator | |
| AI Remediation Model| lmChatOpenRouter (LangChain) | AI language model for remediation generation| AI Remediation Agent | AI Remediation Agent | Requires OpenAI credentials|
| Form Input | formTrigger | Receives URLs via external form | External HTTP trigger | URL List | |
| Setup Instructions1 | stickyNote | Setup instructions placeholder | - | - | |
| Setup Instructions2 | stickyNote | Setup instructions placeholder | - | - | |
---
### 4. Reproducing the Workflow from Scratch
1. **Create `Form Input` node:**
- Type: `formTrigger`
- Configure webhook for receiving form submissions with URL(s).
- No credentials required.
- Output: Passes form data to next node.
2. **Create `URL List` node:**
- Type: `set`
- Configure to extract, validate, and store URLs from form input data.
- Connect input from Form Input node.
- Output: Passes URLs to Fetch Headers.
3. **Create `Fetch Headers` node:**
- Type: `httpRequest`
- Configure HTTP method to HEAD or GET targeting each URL.
- Set to return response headers only.
- Manage timeouts and retries for robustness.
- Connect input from URL List.
- Output: Pass response headers to Parse Headers.
4. **Create `Parse Headers` node:**
- Type: `code`
- Add JavaScript code to parse response headers, focusing on security headers such as Content-Security-Policy, Strict-Transport-Security, etc.
- Connect input from Fetch Headers.
- Output: Parsed header data to Security Scorer.
5. **Create `Security Scorer` node:**
- Type: `code`
- Implement scoring logic assigning numeric values for each security header presence and quality.
- Connect input from Parse Headers.
- Output: Scores to Grade Calculator.
6. **Create `Grade Calculator` node:**
- Type: `code`
- Calculate overall grade (e.g., A-F) based on aggregated scores.
- Connect input from Security Scorer.
- Output: Connect to If and Format Report nodes.
7. **Create `If` node:**
- Type: `if`
- Configure condition based on grade threshold (e.g., grade below B triggers remediation).
- Connect input from Grade Calculator.
- True branch connects to AI Remediation Agent.
8. **Create `AI Remediation Model` node:**
- Type: `lmChatOpenRouter` (LangChain OpenAI)
- Configure with OpenAI API credentials.
- Set model parameters (temperature, system prompt, etc.).
- No direct input; will be called by AI Remediation Agent.
9. **Create `AI Remediation Agent` node:**
- Type: `agent` (LangChain)
- Configure to orchestrate prompts and responses with AI Remediation Model.
- Connect input from If node true branch.
- Output: Remediation text to Data Aggregator.
10. **Create `Data Aggregator` node:**
- Type: `code`
- Combine remediation suggestions with scoring and URL data.
- Connect input from AI Remediation Agent.
- Output: Pass data to Style Constants.
11. **Create `Style Constants` node:**
- Type: `code`
- Define constants for styling emails and reports.
- Connect input from Data Aggregator.
- Output: Pass to Content Builder.
12. **Create `Content Builder` node:**
- Type: `code`
- Build email and report content using styling constants and aggregated data.
- Connect input from Style Constants.
- Output: Pass to Email Formatter.
13. **Create `Email Formatter` node:**
- Type: `code`
- Format content specifically for email delivery (HTML, plaintext versions).
- Connect input from Content Builder.
- Output: Pass to Send Alert.
14. **Create `Send Alert` node:**
- Type: `gmail`
- Configure with Gmail OAuth2 credentials.
- Set sender, recipient(s), subject, and body from Email Formatter.
- Connect input from Email Formatter.
- Output: None (terminal).
15. **Create `Format Report` node:**
- Type: `set`
- Format audit result data for Google Sheets.
- Connect input from Grade Calculator.
- Output: Pass to Export to Sheets.
16. **Create `Export to Sheets` node:**
- Type: `googleSheets`
- Configure with Google Sheets OAuth2 credentials.
- Specify target spreadsheet and worksheet.
- Set operation to append or update rows.
- Connect input from Format Report.
- Output: None (terminal).
17. **Connect nodes according to the flow:**
Form Input → URL List → Fetch Headers → Parse Headers → Security Scorer → Grade Calculator →
→ If → (True) AI Remediation Agent → Data Aggregator → Style Constants → Content Builder → Email Formatter → Send Alert
→ Grade Calculator → Format Report → Export to Sheets
18. **Add Sticky Notes** for documentation and setup instructions as needed.
---
### 5. General Notes & Resources
| Note Content | Context or Link |
|-------------------------------------------------------------------------------------------------|-----------------------------------------------------|
| Workflow audits website security headers and provides AI-based remediation suggestions. | Workflow purpose |
| OpenAI credentials required for AI Remediation Model and Agent nodes. | AI nodes configuration |
| Google Sheets OAuth2 credentials required for Export to Sheets node. | Google Sheets integration |
| Gmail OAuth2 credentials required for Send Alert node to send emails securely. | Email alerting integration |
| Consider network timeouts and error handling for HTTP requests to avoid blocking workflow runs. | Best practice for HTTP Request nodes |
| LangChain nodes enable advanced AI orchestration within n8n. | AI integration details |
| Workflow designed for continuous or on-demand website security audits. | Use case |
---
**Disclaimer:** The text provided is extracted exclusively from an automated workflow created with n8n, an integration and automation tool. This processing strictly complies with current content policies and contains no illegal, offensive, or protected material. All data handled is legal and publicly available.