A curated collection of pre-built workflow templates for ShipSec Studio. Browse these templates directly in the Template Library to jumpstart your security automation, monitoring, and DevOps workflows.
This repository is the source of truth for the ShipSec Studio Template Library. Every .json file inside the templates/ directory is automatically synced into the platform and made available for one-click use.
Templates let teams share battle-tested workflows — complete with node configurations, edge connections, and metadata — so others can deploy them in seconds instead of building from scratch.
```
workflow-templates/
├── templates/
│   ├── trivy-image-scan.json
│   ├── aws-guardduty-alerting.json
│   ├── compliance-audit-report.json
│   └── ...
└── README.md
```
All template files live in the templates/ directory. Each file is a self-contained JSON document.
Every template file follows this structure:
| Field | Required | Description |
|---|---|---|
| `_metadata.name` | Yes | Display name shown in the Template Library |
| `_metadata.description` | No | Brief description of what the workflow does |
| `_metadata.category` | Yes | One of the supported categories (see below) |
| `_metadata.tags` | No | Array of lowercase tags for filtering |
| `_metadata.author` | Yes | Your name or organization |
| `_metadata.version` | Yes | Semantic version (e.g., "1.0.0") |
| `graph.nodes` | Yes | Array of workflow nodes with positions and configurations |
| `graph.edges` | Yes | Array of connections between nodes |
| `requiredSecrets` | No | Secrets the workflow needs (displayed to users before use) |
Templates must belong to one of these categories:
| Category | Description |
|---|---|
| Security | Vulnerability scanning, threat detection, security assessments |
| Monitoring | System monitoring, alerting, health checks |
| Compliance | Audit trails, policy checks, regulatory compliance |
| Incident Response | Alert triage, forensics, response playbooks |
| Data Processing | ETL pipelines, data transformation, enrichment |
| Integration | Third-party service connections, API orchestration |
| Automation | General-purpose task automation |
| Reporting | Report generation, dashboards, notifications |
| Testing | QA workflows, test orchestration, validation |
| Other | Everything else |
Use lowercase tags for discoverability. Common tags:
security monitoring automation integration api notification compliance scanning analysis reporting incident response forensics enrichment detection
The ShipSec Studio backend automatically syncs templates from this repository:
- On startup — the backend fetches all files from `templates/` via the GitHub API
- Manual sync — admins can trigger a sync from the Template Library UI
- ETag caching — repeated syncs use HTTP ETag headers to minimize API calls (a `304 Not Modified` response costs zero rate limit)
- Upsert logic — templates are matched by `(repository, path)` so updating a file updates the existing template
No authentication is required — this is a public repository.
- Build your workflow in ShipSec Studio
- Click "Publish as Template" on the workflow page
- Fill in the metadata (name, category, tags, author)
- The template JSON is generated and copied to your clipboard
- A GitHub editor opens — paste the code and click "Propose new file"
- Submit a pull request for review
- Fork this repository
- Create a new `.json` file in the `templates/` directory
- Follow the Template JSON Schema above
- Open a pull request
- Sanitize secrets — never include real API keys, tokens, or passwords. Use `{{SECRET_PLACEHOLDER}}` for any secret references and document them in `requiredSecrets`.
- Include node positions — the `position` field on each node is required for the visual layout to render correctly in both the Template Library preview and the workflow builder.
- Use descriptive names — the template name and description are what users see when browsing. Be clear about what the workflow does.
- One workflow per file — each `.json` file should contain a single complete workflow template.
- Test before submitting — make sure your workflow runs correctly in Studio before publishing it as a template.
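A pre-submission check for the schema table, category list and guidelines above, as an added example that is not part of this repository or ShipSec Studio's own validation. The function names, the key-name heuristic for spotting inline secrets, the `{{NAME}}` placeholder shape and the dangling-edge check are assumptions.

```python
import json
import re

CATEGORIES = {"Security", "Monitoring", "Compliance", "Incident Response", "Data Processing",
              "Integration", "Automation", "Reporting", "Testing", "Other"}
SEMVER = re.compile(r"^\d+\.\d+\.\d+([-+][0-9A-Za-z.+-]+)?$")
PLACEHOLDER = re.compile(r"^\{\{\s*[A-Za-z0-9_]+\s*\}\}$")  # assumed placeholder shape
SECRET_KEY = re.compile(r"secret|token|password|api[_-]?key", re.I)  # assumed key heuristic

def secret_leaks(value, path="graph"):
    """Yield paths of secret-looking keys whose string value is not a {{PLACEHOLDER}}."""
    if isinstance(value, dict):
        for key, child in value.items():
            if not isinstance(child, str):
                yield from secret_leaks(child, f"{path}.{key}")
            elif SECRET_KEY.search(key) and child and not PLACEHOLDER.match(child):
                yield f"{path}.{key}"
    elif isinstance(value, list):
        for i, child in enumerate(value):
            yield from secret_leaks(child, f"{path}[{i}]")

def lint_template(text):
    """Return a list of problems found in one template JSON document (empty list = clean)."""
    doc = json.loads(text)
    meta, graph = doc.get("_metadata", {}), doc.get("graph", {})
    out = [f"missing _metadata.{f}" for f in ("name", "category", "author", "version")
           if not meta.get(f)]
    if meta.get("category") and meta["category"] not in CATEGORIES:
        out.append(f"unsupported category: {meta['category']}")
    if meta.get("version") and not SEMVER.match(str(meta["version"])):
        out.append(f"version is not semantic: {meta['version']}")
    out += [f"tag not lowercase: {t}" for t in meta.get("tags", []) if t != t.lower()]
    nodes, edges = graph.get("nodes"), graph.get("edges")
    if not isinstance(nodes, list) or not isinstance(edges, list):
        return out + ["graph.nodes and graph.edges must be arrays"]
    out += [f"node {n.get('id')} has no position" for n in nodes
            if not {"x", "y"} <= set(n.get("position") or {})]
    ids = {n.get("id") for n in nodes}
    out += [f"edge {e.get('id')} has dangling {end}" for e in edges
            for end in ("source", "target") if e.get(end) not in ids]
    return out + [f"possible hard-coded secret at {p}" for p in secret_leaks(graph)]

# Constructed sample: no author, bad category, uppercase tag, no position, inline token, bad edge.
SAMPLE = json.dumps({
    "_metadata": {"name": "Demo", "category": "Scanning", "tags": ["Trivy"], "version": "1.0.0"},
    "graph": {"nodes": [{"id": "a", "data": {"config": {"params": {"apiToken": "constructed"}}}}],
              "edges": [{"id": "e1", "source": "a", "target": "b"}]}})
if __name__ == "__main__":
    print("\n".join(lint_template(SAMPLE)))
```

The key-name heuristic only catches credentials stored under an obviously named key; a token pasted into a URL or a free-form parameter still needs a reviewer's eye.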
- Navigate to the Template Library in ShipSec Studio (`/templates`)
- Browse, search, or filter by category and tags
- Click "Use Template" on any card
- Enter a workflow name and provide any required secrets
- Click "Create Workflow" — you'll be taken to the workflow builder with everything pre-configured
Each template card in the library displays a miniature SVG preview of the workflow graph, showing:
- Nodes as card-style elements with labels
- Edges as curved bezier connections with arrows
- Entry points highlighted with a distinct pill shape
Hover over the preview and scroll to zoom into specific areas of the graph. Double-click to reset the view.
- Open an issue for bugs or feature requests
- Join the discussion in ShipSec Studio's community channels
```json
{
  "_metadata": {
    "name": "Trivy Container Image Scan",
    "description": "Scans container images for vulnerabilities using Trivy and generates a findings report.",
    "category": "Security",
    "tags": ["security", "scanning", "containers", "trivy"],
    "author": "ShipSec Team",
    "version": "1.0.0"
  },
  "graph": {
    "nodes": [
      {
        "id": "entry-point-1",
        "type": "workflow",
        "position": { "x": 0, "y": 150 },
        "data": {
          "label": "Entry Point",
          "componentId": "core.workflow.entrypoint",
          "config": { "params": {}, "inputOverrides": {} },
          "inputs": {}
        }
      },
      {
        "id": "trivy-scan-1",
        "type": "workflow",
        "position": { "x": 300, "y": 150 },
        "data": {
          "label": "Trivy Image Scan",
          "componentId": "security.trivy-image-scan",
          "config": { "params": { "image": "nginx:latest" }, "inputOverrides": {} },
          "inputs": {}
        }
      }
      // ... more nodes
    ],
    "edges": [
      {
        "id": "edge-1",
        "source": "entry-point-1",
        "target": "trivy-scan-1",
        "type": "default"
      }
      // ... more edges
    ]
  },
  "requiredSecrets": [
    {
      "name": "DOCKER_REGISTRY_TOKEN",
      "type": "token",
      "description": "Authentication token for private container registries"
    }
  ]
}
```