arazzo: 1.0.1
info:
  title: JFrog Xray Vulnerability Report
  summary: Generate a vulnerability report and poll until it completes.
  description: >-
    An asynchronous reporting flow. The workflow generates a vulnerability
    report for a repository, then polls the report status in a loop, branching
    back to itself while the status is pending or running and ending once it
    reaches completed. Every step spells out its request inline so the flow can
    be read and executed without opening the underlying OpenAPI description.
  version: 1.0.0
sourceDescriptions:
- name: xrayApi
  url: ../openapi/jfrog-xray-openapi.yml
  type: openapi
workflows:
- workflowId: vulnerability-report
  summary: Kick off a vulnerability report and wait for it to finish.
  description: >-
    Generates a vulnerability report scoped to a repository, captures the report
    id, then polls the report status until it is completed.
  inputs:
    type: object
    required:
    - reportName
    - repoKey
    properties:
      reportName:
        type: string
        description: The name to assign to the generated report.
      repoKey:
        type: string
        description: The repository to scope the report to.
  steps:
  - stepId: generateReport
    description: >-
      Generate a vulnerability report scoped to the supplied repository,
      filtering for findings that have remediation.
    operationId: generateVulnerabilityReport
    requestBody:
      contentType: application/json
      payload:
        name: $inputs.reportName
        resources:
          repositories:
          - name: $inputs.repoKey
        filters:
          has_remediation: true
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      reportId: $response.body#/report_id
  - stepId: pollStatus
    description: >-
      Poll the report status. While it is pending or running, loop back and
      check again; once it is completed, finish.
    operationId: getReportStatus
    parameters:
    - name: reportId
      in: path
      value: $steps.generateReport.outputs.reportId
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      status: $response.body#/status
      reportId: $response.body#/id
    onSuccess:
    - name: stillRunning
      type: goto
      stepId: pollStatus
      criteria:
      - context: $response.body
        condition: $.status == 'pending' || $.status == 'running'
        type: jsonpath
    - name: finished
      type: end
      criteria:
      - context: $response.body
        condition: $.status == 'completed'
        type: jsonpath
  outputs:
    reportId: $steps.generateReport.outputs.reportId
    status: $steps.pollStatus.outputs.status