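---
# Arazzo workflow: a read-only inventory review against Sysdig Secure.
# Step order: listImages -> getVulns -> getSbom. The two per-image steps both
# operate on the first entry of the listing returned by listImages.
arazzo: '1.0.1'
info:
  title: Sysdig Scanned Image Inventory Review
  summary: List scanned images, pick the first, and pull its vulnerabilities and SBOM.
  # NOTE(review): the workflow sends only `limit` to the listing call and no
  # sort parameter, so "most recently catalogued" holds only if
  # listScannedImages returns newest-first by default; confirm against the API.
  # NOTE(review): steps reference operations by operationId, so a runner still
  # needs the sysdigSecure source description to resolve method and path.
  description: >-
    An inventory review flow against Sysdig Secure. It lists all container
    images that have been scanned, selects the first image from the inventory,
    retrieves that image's vulnerability findings, and pulls its SBOM so a
    reviewer can assess the most recently catalogued image end to end. Every
    step spells out its request inline so the flow can be read and executed
    without opening the underlying OpenAPI description.
  version: '1.0.0'
sourceDescriptions:
  - name: sysdigSecure
    url: ../openapi/sysdig-secure-openapi.yml
    type: openapi
workflows:
  - workflowId: scanned-image-inventory-review
    summary: Walk the scanned-image inventory and inspect the first image.
    description: >-
      Lists scanned images, takes the first image id, and retrieves both its
      vulnerability findings and its SBOM.
    inputs:
      type: object
      required:
        - bearerToken
      properties:
        # Credential input. Supply it at run time from a secret store or the
        # environment; do not commit a value in an inputs file. Runner traces
        # may record request headers, so confirm that Authorization is masked
        # before sharing logs.
        bearerToken:
          type: string
          description: Sysdig API bearer token used for Authorization.
        limit:
          type: integer
          description: Maximum number of scanned images to list.
          default: 50
    steps:
      - stepId: listImages
        description: Retrieve the inventory of scanned container images.
        operationId: listScannedImages
        parameters:
          # An expression embedded in a longer string must be wrapped in {}
          # to be evaluated; a bare `$inputs...` after "Bearer " is not a
          # standalone runtime expression and can be sent as literal text.
          - name: Authorization
            in: header
            value: 'Bearer {$inputs.bearerToken}'
          - name: limit
            in: query
            value: $inputs.limit
        successCriteria:
          - condition: $statusCode == 200
          # Stop here on an empty inventory instead of calling the per-image
          # operations with an unresolved imageId.
          # NOTE(review): confirm how the runner evaluates a JSON Pointer that
          # does not resolve (null versus an evaluation error); either outcome
          # fails this step.
          - condition: $response.body#/images/0/imageId != null
        outputs:
          # Index 0 is the first element of the `images` array in the response.
          imageId: $response.body#/images/0/imageId
          fullTag: $response.body#/images/0/fullTag
      - stepId: getVulns
        description: Retrieve the vulnerability findings for the first scanned image.
        operationId: getImageVulnerabilities
        parameters:
          - name: Authorization
            in: header
            value: 'Bearer {$inputs.bearerToken}'
          # imageId comes from the listImages response, not from a caller.
          - name: imageId
            in: path
            value: $steps.listImages.outputs.imageId
        successCriteria:
          - condition: $statusCode == 200
        outputs:
          vulnerabilities: $response.body#/vulnerabilities
      - stepId: getSbom
        description: Retrieve the SBOM for the first scanned image.
        operationId: getImageSBOM
        parameters:
          - name: Authorization
            in: header
            value: 'Bearer {$inputs.bearerToken}'
          - name: imageId
            in: path
            value: $steps.listImages.outputs.imageId
        successCriteria:
          - condition: $statusCode == 200
        outputs:
          components: $response.body#/components
    # Workflow outputs: the selected image's identifiers plus its findings and
    # SBOM components. The bearer token is not among them.
    outputs:
      imageId: $steps.listImages.outputs.imageId
      fullTag: $steps.listImages.outputs.fullTag
      vulnerabilities: $steps.getVulns.outputs.vulnerabilities
      sbomComponents: $steps.getSbom.outputs.components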