DEV Community

Ashish Nair

From CI/CD to AI-Powered DevSecOps: Teaching a Local LLM to Analyze Security Reports

In the previous article, I built a complete CI pipeline around a Spring Boot monolith: GitHub → Jenkins → SonarQube → Trivy → Nexus → Docker. I introduced quality gates, security scanning, and artifact management.

But at the end of it, I had more questions than answers. The most important one: what happens after Trivy generates the security report and it is uploaded to a Nexus repository? Does anyone actually go through the entire report?

In this article, we'll continue from the previous project and build an AI-powered DevSecOps workflow:

  • Jenkins generates Trivy security reports
  • Reports are uploaded into Nexus
  • Jenkins triggers an n8n webhook
  • n8n downloads the report
  • Local Ollama + phi3 analyzes the vulnerabilities (a smaller LLM because of compute constraints)
  • AI summarizes HIGH/CRITICAL findings
  • Email notifications are generated automatically

The Architecture:

The Flow:

  • Build application
  • SonarQube analysis
  • Quality Gate validation
  • Docker build
  • Trivy security scan
  • Upload reports to Nexus
  • Trigger AI workflow
  • Download report dynamically
  • Ask local LLM to analyze findings
  • Send AI-generated recommendations

The AI component in this setup answers the "what if" questions I had before. Before I move on to the setup, I want to justify why I added the AI layer. Let's be fair to the security guys here: security reports can be long and noisy. A single report can contain dozens of CVEs, dependency vulnerabilities and more. Holding someone accountable for every miss in that sounds unfair. This is where AI can help. It's like telling someone, "read this report and give me the top 10 things I should be worried about in 10 seconds".

Sneak peek of the setup:

  1. Ran Ollama locally using its Docker image. Locally, because I wanted to avoid external APIs, and also because of poverty (😂)
  2. Set up n8n, also locally, using its Docker image. This is where we orchestrate the entire process using workflows.
    • The Jenkins job calls the webhook that n8n listens on.
    • n8n kicks off the workflow: fetch the Trivy report -> prepare the AI prompt -> send it to Ollama and transform the response -> send the report via email
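The "prepare the AI prompt" step is where most of the value sits: a small model like phi3 does much better with a short, deduplicated list than with the raw report. The following is an added example, not the n8n workflow from this post: it parses Trivy's JSON report layout (the `Results`/`Vulnerabilities` keys are Trivy's real schema), keeps only HIGH/CRITICAL findings, merges the same CVE seen in several targets, and builds the request body for Ollama's `POST /api/generate` endpoint. The report content is a constructed sample with placeholder CVE IDs.

```python
import json

# Constructed sample in Trivy's JSON report layout (placeholder IDs, not a real scan).
SAMPLE_TRIVY_REPORT = json.dumps({"SchemaVersion": 2, "Results": [
    {"Target": "app.jar", "Vulnerabilities": [
        {"VulnerabilityID": "CVE-0000-0001", "PkgName": "lib-a", "InstalledVersion": "1.0",
         "FixedVersion": "1.1", "Severity": "CRITICAL", "Title": "placeholder"},
        {"VulnerabilityID": "CVE-0000-0002", "PkgName": "lib-b", "InstalledVersion": "2.0",
         "FixedVersion": "", "Severity": "HIGH", "Title": "placeholder"},
        {"VulnerabilityID": "CVE-0000-0003", "PkgName": "lib-c", "InstalledVersion": "3.0",
         "FixedVersion": "3.1", "Severity": "LOW", "Title": "placeholder"}]},
    {"Target": "os-packages", "Vulnerabilities": [
        {"VulnerabilityID": "CVE-0000-0001", "PkgName": "lib-a", "InstalledVersion": "1.0",
         "FixedVersion": "1.1", "Severity": "CRITICAL", "Title": "placeholder"}]},
    {"Target": "config", "Vulnerabilities": None}]})  # Trivy emits null when a target is clean

SEVERITY_RANK = {"CRITICAL": 0, "HIGH": 1}

def extract_findings(report_json, keep=("CRITICAL", "HIGH")):
    """Flatten a Trivy report to the severities we care about, merging the same
    CVE/package seen in several targets into one finding so the model is not
    asked to rank duplicates."""
    merged = {}
    for result in json.loads(report_json).get("Results", []):
        for vuln in result.get("Vulnerabilities") or []:   # key may be null
            if vuln.get("Severity") not in keep:
                continue
            key = (vuln["VulnerabilityID"], vuln["PkgName"])
            entry = merged.setdefault(key, {**vuln, "Targets": []})
            entry["Targets"].append(result["Target"])
    return sorted(merged.values(),
                  key=lambda f: (SEVERITY_RANK[f["Severity"]], f["VulnerabilityID"]))

def build_prompt(findings, limit=10):
    """One line per finding: fixed version (or 'no fix available') and where it was seen."""
    lines = [f"You are reviewing a container scan. Rank the top {limit} of these "
             f"{len(findings)} findings by risk and state what to fix first."]
    for f in findings[:limit]:
        fix = f"fix in {f['FixedVersion']}" if f["FixedVersion"] else "no fix available"
        lines.append(f"[{f['Severity']}] {f['VulnerabilityID']} {f['PkgName']} "
                     f"{f['InstalledVersion']} ({fix}; in {', '.join(f['Targets'])})")
    return "\n".join(lines)

def build_ollama_request(report_json, model="phi3"):
    """Body for POST /api/generate on the local Ollama; stream=False gives one JSON reply."""
    return {"model": model, "prompt": build_prompt(extract_findings(report_json)),
            "stream": False}
```

In n8n this is the logic you would put in a Code node between the HTTP Request that fetches the report from Nexus and the HTTP Request that calls Ollama.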

This is how my workflow looks in n8n UI:

The transformed summary of the vulnerability report:

A further improvement would be to train our LLM to act as a junior SRE.
