Scan Code Repositories for Governance Issues with Gpt-4o and Severity-based Reports

Original n8n title: Scan Code Repositories for Governance Issues with Gpt-4o and Severity-based Reports

By Cheng Siong Chin (@cschin) on n8n.io

This workflow automates end-to-end code repository governance scanning using a multi-agent AI orchestration system. Designed for engineering leads, DevSecOps teams, and CTOs, it replaces manual code audits with a structured, AI-driven compliance and security analysis pipeline.…

Category: AI & RAG · Trigger: Event · Nodes: 30 · Complexity: ★★★★★ · AI nodes: yes · Integrations: Ssh, Agent, OpenAI Chat, Agent Tool, Output Parser Structured

This workflow corresponds to n8n.io template #13900 — we link there as the canonical source.

The workflow JSON

Copy the full n8n JSON below, paste it into a new n8n workflow, add your credentials, and activate it.

{
  "id": "423tAM24Uk8vWVO1",
  "name": "Smart code governance scan with severity routing and compliance report",
  "tags": [],
  "nodes": [
    {
      "id": "549c2193-8d14-47f9-a39d-222633a16088",
      "name": "Start Governance Scan",
      "type": "n8n-nodes-base.manualTrigger",
      "position": [
        256,
        928
      ],
      "parameters": {},
      "typeVersion": 1
    },
    {
      "id": "79799d43-0c8f-47ca-b19d-bab1c71905d5",
      "name": "Extract Repository Metadata",
      "type": "n8n-nodes-base.ssh",
      "position": [
        480,
        928
      ],
      "parameters": {
        "command": "=find {{ $json.repositoryPath }} -type f \\( -name \"*.js\" -o -name \"*.ts\" -o -name \"*.py\" -o -name \"*.java\" -o -name \"*.go\" \\) | head -100"
      },
      "typeVersion": 1
    },
    {
      "id": "f1634f4b-3e2b-4e8f-8313-afb16af8d519",
      "name": "Governance Orchestrator Agent",
      "type": "@n8n/n8n-nodes-langchain.agent",
      "position": [
        1272,
        928
      ],
      "parameters": {
        "promptType": "define",
        "text": "={{ $json.stdout }}",
        "options": {
          "systemMessage": "You are a Software Governance Orchestrator responsible for coordinating comprehensive code quality and architectural compliance analysis. Your role is to delegate tasks to specialized agents: the Static Code Analysis Agent for detecting anti-patterns and SOLID violations, the Architectural Compliance Agent for validating microservices architecture, and the CTO Report Generation Agent for executive summaries. Coordinate their work and ensure complete coverage of the codebase."
        },
        "hasOutputParser": true
      },
      "typeVersion": 3.1
    },
    {
      "id": "e2eecec5-95bf-4b43-bbda-a4e8f0d8fdc3",
      "name": "Orchestrator Model",
      "type": "@n8n/n8n-nodes-langchain.lmChatOpenAi",
      "position": [
        704,
        1152
      ],
      "parameters": {
        "model": {
          "__rl": true,
          "mode": "id",
          "value": "gpt-4o"
        },
        "options": {
          "temperature": 0.2
        },
        "builtInTools": {}
      },
      "credentials": {
        "openAiApi": {
          "name": "<your credential>"
        }
      },
      "typeVersion": 1.3
    },
    {
      "id": "cb409eaf-2754-420f-a176-3edb4140c0d9",
      "name": "Static Code Analysis Agent",
      "type": "@n8n/n8n-nodes-langchain.agentTool",
      "position": [
        832,
        1152
      ],
      "parameters": {
        "text": "={{ $fromAI(\"codeFiles\", \"The code files and repository structure to analyze\", \"string\") }}",
        "options": {
          "systemMessage": "You are a Static Code Analysis Expert specializing in detecting anti-patterns, SOLID principle violations (Single Responsibility, Open/Closed, Liskov Substitution, Interface Segregation, Dependency Inversion), code smells, and maintainability risks. Analyze the provided code files and compute a technical debt index (0-100 scale where 0=no debt, 100=critical). Identify specific violations with file paths, line numbers, severity (critical/high/medium/low), and remediation recommendations. Focus on: cyclomatic complexity, code duplication, tight coupling, god classes, long methods, magic numbers, and poor naming conventions."
        },
        "hasOutputParser": true,
        "toolDescription": "Analyzes source code for anti-patterns, SOLID principle violations, code smells, maintainability risks, and computes a technical debt index. Returns structured analysis with severity ratings and specific line-level findings."
      },
      "typeVersion": 3
    },
    {
      "id": "e4e0b9fc-c39f-444b-a85a-e026644f61f8",
      "name": "Static Analysis Model",
      "type": "@n8n/n8n-nodes-langchain.lmChatOpenAi",
      "position": [
        912,
        1360
      ],
      "parameters": {
        "model": {
          "__rl": true,
          "mode": "id",
          "value": "gpt-4o"
        },
        "options": {
          "temperature": 0.1
        },
        "builtInTools": {}
      },
      "credentials": {
        "openAiApi": {
          "name": "<your credential>"
        }
      },
      "typeVersion": 1.3
    },
    {
      "id": "08ad314d-7cfa-4d1e-b9dd-c970029d021a",
      "name": "Architectural Compliance Agent",
      "type": "@n8n/n8n-nodes-langchain.agentTool",
      "position": [
        1120,
        1152
      ],
      "parameters": {
        "text": "={{ $fromAI(\"architectureData\", \"The repository structure and architectural metadata to validate\", \"string\") }}",
        "options": {
          "systemMessage": "You are an Architectural Compliance Expert specializing in microservices architecture validation. Analyze the codebase structure for: 1) Microservices compliance (service boundaries, API contracts, data ownership, service coupling), 2) Dependency graph stability (circular dependencies, dependency depth, fan-in/fan-out ratios), 3) Scalability constraints (stateful components, shared databases, synchronous coupling, single points of failure). Compute compliance scores (0-100) for each dimension and identify architectural violations with severity ratings and remediation strategies. Focus on: bounded contexts, event-driven patterns, database-per-service, API gateway patterns, and resilience patterns (circuit breakers, bulkheads, timeouts)."
        },
        "hasOutputParser": true,
        "toolDescription": "Validates microservices architecture compliance, analyzes dependency graphs for stability issues, checks scalability constraints, and identifies architectural anti-patterns. Returns structured compliance report with risk scores."
      },
      "typeVersion": 3
    },
    {
      "id": "289eb137-4135-4ec2-b5d2-adb25ded4522",
      "name": "Architectural Analysis Model",
      "type": "@n8n/n8n-nodes-langchain.lmChatOpenAi",
      "position": [
        1200,
        1360
      ],
      "parameters": {
        "model": {
          "__rl": true,
          "mode": "id",
          "value": "gpt-4o"
        },
        "options": {
          "temperature": 0.1
        },
        "builtInTools": {}
      },
      "credentials": {
        "openAiApi": {
          "name": "<your credential>"
        }
      },
      "typeVersion": 1.3
    },
    {
      "id": "9afb42cf-4ac3-4654-b6a8-a8a4d8809ccc",
      "name": "CTO Report Generation Agent",
      "type": "@n8n/n8n-nodes-langchain.agentTool",
      "position": [
        1408,
        1152
      ],
      "parameters": {
        "text": "={{ $fromAI(\"analysisResults\", \"The combined technical analysis results from code and architecture agents\", \"string\") }}",
        "options": {
          "systemMessage": "You are a CTO Report Generation Expert who translates technical analysis into executive-level strategic insights. Synthesize the static code analysis and architectural compliance findings into: 1) Risk Matrix (categorize findings by impact vs. likelihood), 2) Remediation Backlog Prioritization (rank issues by business impact, technical debt reduction, and effort required), 3) Compliance Summary (overall health scores, trend analysis, key metrics). Present findings in business terms with ROI implications, resource requirements, and timeline recommendations. Focus on strategic decision-making support rather than technical details."
        },
        "hasOutputParser": true,
        "toolDescription": "Synthesizes technical analysis results into executive-level CTO reports including risk matrices, remediation backlog prioritization, and structured compliance summaries. Produces actionable insights for leadership decision-making."
      },
      "typeVersion": 3
    },
    {
      "id": "a13811b9-9501-4b15-924c-8dcbd8f74261",
      "name": "Report Generation Model",
      "type": "@n8n/n8n-nodes-langchain.lmChatOpenAi",
      "position": [
        1488,
        1360
      ],
      "parameters": {
        "model": {
          "__rl": true,
          "mode": "id",
          "value": "gpt-4o"
        },
        "options": {
          "temperature": 0.2
        },
        "builtInTools": {}
      },
      "credentials": {
        "openAiApi": {
          "name": "<your credential>"
        }
      },
      "typeVersion": 1.3
    },
    {
      "id": "fae9f570-0ade-4e6f-815c-4a55ec136ae9",
      "name": "Structured Governance Output",
      "type": "@n8n/n8n-nodes-langchain.outputParserStructured",
      "position": [
        1984,
        1152
      ],
      "parameters": {
        "schemaType": "manual",
        "inputSchema": "{\n\t\"type\": \"object\",\n\t\"properties\": {\n\t\t\"riskMatrix\": {\n\t\t\t\"type\": \"array\",\n\t\t\t\"items\": {\n\t\t\t\t\"type\": \"object\",\n\t\t\t\t\"properties\": {\n\t\t\t\t\t\"category\": {\n\t\t\t\t\t\t\"type\": \"string\"\n\t\t\t\t\t},\n\t\t\t\t\t\"impact\": {\n\t\t\t\t\t\t\"type\": \"string\"\n\t\t\t\t\t},\n\t\t\t\t\t\"likelihood\": {\n\t\t\t\t\t\t\"type\": \"string\"\n\t\t\t\t\t},\n\t\t\t\t\t\"severity\": {\n\t\t\t\t\t\t\"type\": \"string\"\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t},\n\t\t\"remediationBacklog\": {\n\t\t\t\"type\": \"array\",\n\t\t\t\"items\": {\n\t\t\t\t\"type\": \"object\",\n\t\t\t\t\"properties\": {\n\t\t\t\t\t\"issue\": {\n\t\t\t\t\t\t\"type\": \"string\"\n\t\t\t\t\t},\n\t\t\t\t\t\"priority\": {\n\t\t\t\t\t\t\"type\": \"string\"\n\t\t\t\t\t},\n\t\t\t\t\t\"effort\": {\n\t\t\t\t\t\t\"type\": \"string\"\n\t\t\t\t\t},\n\t\t\t\t\t\"businessImpact\": {\n\t\t\t\t\t\t\"type\": \"string\"\n\t\t\t\t\t},\n\t\t\t\t\t\"timeline\": {\n\t\t\t\t\t\t\"type\": \"string\"\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t},\n\t\t\"complianceSummary\": {\n\t\t\t\"type\": \"object\",\n\t\t\t\"properties\": {\n\t\t\t\t\"technicalDebtIndex\": {\n\t\t\t\t\t\"type\": \"number\"\n\t\t\t\t},\n\t\t\t\t\"architectureComplianceScore\": {\n\t\t\t\t\t\"type\": \"number\"\n\t\t\t\t},\n\t\t\t\t\"overallHealthScore\": {\n\t\t\t\t\t\"type\": \"number\"\n\t\t\t\t},\n\t\t\t\t\"criticalIssuesCount\": {\n\t\t\t\t\t\"type\": \"number\"\n\t\t\t\t},\n\t\t\t\t\"highPriorityCount\": {\n\t\t\t\t\t\"type\": \"number\"\n\t\t\t\t}\n\t\t\t}\n\t\t},\n\t\t\"executiveSummary\": {\n\t\t\t\"type\": \"string\"\n\t\t},\n\t\t\"recommendations\": {\n\t\t\t\"type\": \"array\",\n\t\t\t\"items\": {\n\t\t\t\t\"type\": \"string\"\n\t\t\t}\n\t\t}\n\t}\n}"
      },
      "typeVersion": 1.3
    },
    {
      "id": "336cd47c-bc15-4c84-be71-fad2b77dd04b",
      "name": "Format Final Report",
      "type": "n8n-nodes-base.set",
      "position": [
        2192,
        928
      ],
      "parameters": {
        "options": {},
        "assignments": {
          "assignments": [
            {
              "id": "id-1",
              "name": "reportGeneratedAt",
              "type": "string",
              "value": "={{ $now.toISO() }}"
            },
            {
              "id": "id-2",
              "name": "repositoryScanned",
              "type": "string",
              "value": "={{ $('Extract Repository Metadata').item.json.stdout }}"
            },
            {
              "id": "id-3",
              "name": "governanceReport",
              "type": "object",
              "value": "={{ JSON.stringify($json) }}"
            }
          ]
        },
        "includeOtherFields": true
      },
      "typeVersion": 3.4
    },
    {
      "id": "4ad2e870-4848-4009-9584-e0729f477018",
      "name": "Check Critical Issues Threshold",
      "type": "n8n-nodes-base.if",
      "position": [
        2416,
        928
      ],
      "parameters": {
        "options": {},
        "conditions": {
          "options": {
            "leftValue": "",
            "caseSensitive": false,
            "typeValidation": "loose"
          },
          "combinator": "and",
          "conditions": [
            {
              "id": "id-1",
              "operator": {
                "type": "number",
                "operation": "gt"
              },
              "leftValue": "={{ $('Format Final Report').item.json.governanceReport.complianceSummary.criticalIssuesCount }}",
              "rightValue": "5"
            }
          ]
        }
      },
      "typeVersion": 2.2
    },
    {
      "id": "263e78ff-4b89-42b3-b26a-d0d025234ea6",
      "name": "Security Vulnerability Scanner Agent",
      "type": "@n8n/n8n-nodes-langchain.agentTool",
      "position": [
        1696,
        1152
      ],
      "parameters": {
        "text": "={{ $fromAI('securityContext', 'The code and dependency information to scan for security vulnerabilities', 'string') }}",
        "options": {
          "systemMessage": "You are a Security Vulnerability Scanner Expert specializing in identifying security risks in codebases. Analyze code for: 1) Injection vulnerabilities (SQL, NoSQL, command injection, XSS), 2) Authentication and authorization flaws, 3) Sensitive data exposure (hardcoded credentials, API keys, PII leakage), 4) Insecure dependencies (outdated libraries with known CVEs), 5) Security misconfigurations, 6) Cryptographic failures. Map findings to OWASP Top 10 categories, provide CVE references where applicable, and assign CVSS scores. Include specific remediation steps for each vulnerability."
        },
        "toolDescription": "Scans code for security vulnerabilities including SQL injection, XSS, insecure dependencies, hardcoded secrets, authentication flaws, and OWASP Top 10 risks. Returns vulnerability report with CVE references and remediation guidance."
      },
      "typeVersion": 3
    },
    {
      "id": "df83aed4-3a5d-401e-8e87-e26fdd0d9752",
      "name": "Security Analysis Model",
      "type": "@n8n/n8n-nodes-langchain.lmChatOpenAi",
      "position": [
        1776,
        1360
      ],
      "parameters": {
        "model": {
          "__rl": true,
          "mode": "id",
          "value": "gpt-4o"
        },
        "options": {
          "temperature": 0.1
        },
        "builtInTools": {}
      },
      "credentials": {
        "openAiApi": {
          "name": "<your credential>"
        }
      },
      "typeVersion": 1.3
    },
    {
      "id": "d80bfa9b-96d9-4b69-9894-08177a813765",
      "name": "Aggregate Critical Findings",
      "type": "n8n-nodes-base.aggregate",
      "position": [
        3312,
        832
      ],
      "parameters": {
        "options": {},
        "aggregate": "aggregateAllItemData"
      },
      "typeVersion": 1
    },
    {
      "id": "89960bd6-e2f9-489c-9fd1-0e5a8f712bd4",
      "name": "Prepare Escalation Alert",
      "type": "n8n-nodes-base.set",
      "position": [
        2640,
        832
      ],
      "parameters": {
        "options": {},
        "assignments": {
          "assignments": [
            {
              "id": "id-1",
              "name": "alertType",
              "type": "string",
              "value": "CRITICAL_THRESHOLD_EXCEEDED"
            },
            {
              "id": "id-2",
              "name": "criticalIssuesCount",
              "type": "number",
              "value": "={{ $json.complianceSummary.criticalIssuesCount }}"
            },
            {
              "id": "id-3",
              "name": "escalationRequired",
              "type": "boolean",
              "value": true
            },
            {
              "id": "id-4",
              "name": "alertTimestamp",
              "type": "string",
              "value": "={{ $now.toISO() }}"
            },
            {
              "id": "id-5",
              "name": "fullReport",
              "type": "object",
              "value": "={{ JSON.stringify($json) }}"
            }
          ]
        }
      },
      "typeVersion": 3.4
    },
    {
      "id": "04d64000-10e4-4a75-a8b8-94e42ecdcf76",
      "name": "Log Standard Report",
      "type": "n8n-nodes-base.set",
      "position": [
        3312,
        1096
      ],
      "parameters": {
        "options": {},
        "assignments": {
          "assignments": [
            {
              "id": "id-1",
              "name": "reportStatus",
              "type": "string",
              "value": "STANDARD_COMPLIANCE"
            },
            {
              "id": "id-2",
              "name": "loggedAt",
              "type": "string",
              "value": "={{ $now.toISO() }}"
            },
            {
              "id": "id-3",
              "name": "summary",
              "type": "string",
              "value": "={{ $json.executiveSummary }}"
            }
          ]
        }
      },
      "typeVersion": 3.4
    },
    {
      "id": "1bb30211-8614-47c6-bb86-8dbdc65e9051",
      "name": "Route by Severity Level",
      "type": "n8n-nodes-base.switch",
      "position": [
        2864,
        832
      ],
      "parameters": {
        "rules": {
          "values": [
            {
              "conditions": {
                "options": {
                  "leftValue": "",
                  "caseSensitive": true,
                  "typeValidation": "strict"
                },
                "combinator": "and",
                "conditions": [
                  {
                    "operator": {
                      "type": "number",
                      "operation": "lt"
                    },
                    "leftValue": "={{ $json.complianceSummary.overallHealthScore }}",
                    "rightValue": 30
                  }
                ]
              }
            },
            {
              "conditions": {
                "options": {
                  "leftValue": "",
                  "caseSensitive": true,
                  "typeValidation": "strict"
                },
                "combinator": "and",
                "conditions": [
                  {
                    "operator": {
                      "type": "number",
                      "operation": "lt"
                    },
                    "leftValue": "={{ $json.complianceSummary.overallHealthScore }}",
                    "rightValue": 70
                  }
                ]
              }
            }
          ]
        },
        "options": {}
      },
      "typeVersion": 3.2
    },
    {
      "id": "07dfb175-1339-49da-a927-ff3d4406b67b",
      "name": "Merge Analysis Paths",
      "type": "n8n-nodes-base.merge",
      "position": [
        3536,
        928
      ],
      "parameters": {},
      "typeVersion": 3
    },
    {
      "id": "e07e59a1-6397-49f3-ba04-bdd3516d376d",
      "name": "Critical Severity Handler",
      "type": "n8n-nodes-base.set",
      "position": [
        3088,
        736
      ],
      "parameters": {
        "options": {},
        "assignments": {
          "assignments": [
            {
              "id": "id-1",
              "name": "severityLevel",
              "type": "string",
              "value": "CRITICAL"
            },
            {
              "id": "id-2",
              "name": "actionRequired",
              "type": "string",
              "value": "IMMEDIATE_REMEDIATION"
            },
            {
              "id": "id-3",
              "name": "notificationPriority",
              "type": "string",
              "value": "P1"
            },
            {
              "id": "id-4",
              "name": "escalationPath",
              "type": "string",
              "value": "CTO_DIRECT"
            }
          ]
        }
      },
      "typeVersion": 3.4
    },
    {
      "id": "338e6a92-7811-45de-8583-835ea760030c",
      "name": "Medium Severity Handler",
      "type": "n8n-nodes-base.set",
      "position": [
        3088,
        928
      ],
      "parameters": {
        "options": {},
        "assignments": {
          "assignments": [
            {
              "id": "id-1",
              "name": "severityLevel",
              "type": "string",
              "value": "MEDIUM"
            },
            {
              "id": "id-2",
              "name": "actionRequired",
              "type": "string",
              "value": "SCHEDULED_REMEDIATION"
            },
            {
              "id": "id-3",
              "name": "notificationPriority",
              "type": "string",
              "value": "P2"
            },
            {
              "id": "id-4",
              "name": "escalationPath",
              "type": "string",
              "value": "ENGINEERING_LEAD"
            }
          ]
        }
      },
      "typeVersion": 3.4
    },
    {
      "id": "941713dc-4c2c-41b5-8c3d-c9d630753e5a",
      "name": "Enrich Final Output",
      "type": "n8n-nodes-base.set",
      "position": [
        3760,
        928
      ],
      "parameters": {
        "options": {},
        "assignments": {
          "assignments": [
            {
              "id": "id-1",
              "name": "workflowCompletedAt",
              "type": "string",
              "value": "={{ $now.toISO() }}"
            },
            {
              "id": "id-2",
              "name": "totalAgentsInvolved",
              "type": "number",
              "value": 5
            },
            {
              "id": "id-3",
              "name": "analysisDepth",
              "type": "string",
              "value": "COMPREHENSIVE_MULTI_AGENT"
            },
            {
              "id": "id-4",
              "name": "frameworkVersion",
              "type": "string",
              "value": "2.0-ENHANCED"
            }
          ]
        }
      },
      "typeVersion": 3.4
    },
    {
      "id": "755c0191-cafd-487c-87c5-43b38a555193",
      "name": "Sticky Note",
      "type": "n8n-nodes-base.stickyNote",
      "position": [
        1584,
        304
      ],
      "parameters": {
        "color": 5,
        "width": 464,
        "height": 320,
        "content": "## Prerequisites\n- OpenAI or compatible LLM API credentials\n- Git repository access (GitHub, GitLab, or Bitbucket API)\n- Notification channel (Slack, email, or webhook)\n## Use Cases\n- Automated pre-release security and compliance audits\n## Customisation\n- Adjust severity thresholds to match internal risk frameworks\n## Benefits\n- Eliminates manual code audit effort across engineering teams"
      },
      "typeVersion": 1
    },
    {
      "id": "42baff24-153d-43c8-aca5-15b173f49474",
      "name": "Sticky Note1",
      "type": "n8n-nodes-base.stickyNote",
      "position": [
        1056,
        384
      ],
      "parameters": {
        "width": 416,
        "height": 224,
        "content": "## Setup Steps\n1. Configure `Extract Repository Metadata` with your Git provider or repository API credentials.\n2. Set severity thresholds in the `Check Critical Issues Threshold` node to match your governance policy.\n3. Configure `Prepare Escalation Alert` with your notification channel."
      },
      "typeVersion": 1
    },
    {
      "id": "fa8db4bf-223c-41bb-a122-745a9fae2ff6",
      "name": "Sticky Note2",
      "type": "n8n-nodes-base.stickyNote",
      "position": [
        256,
        352
      ],
      "parameters": {
        "width": 720,
        "height": 256,
        "content": "## How It Works\nThis workflow automates end-to-end code repository governance scanning using a multi-agent AI orchestration system. Designed for engineering leads, DevSecOps teams, and CTOs, it replaces manual code audits with a structured, AI-driven compliance and security analysis pipeline. The workflow begins by extracting repository metadata, which is passed to a Governance Orchestrator Agent coordinating four specialised sub-agents: Static Code Analysis, Architectural Compliance, CTO Report Generation, and Security Vulnerability Analysis. Outputs are consolidated into a Structured Governance Output, formatted as a final report, then routed by severity level. Critical findings trigger escalation alerts and are aggregated separately, while medium findings are handled independently. All paths converge to merge analysis results, enrich the final output, and deliver a board-ready governance report with full audit traceability."
      },
      "typeVersion": 1
    },
    {
      "id": "898284e8-d79b-4f03-979a-81ed020ae875",
      "name": "Sticky Note3",
      "type": "n8n-nodes-base.stickyNote",
      "position": [
        2384,
        704
      ],
      "parameters": {
        "color": 7,
        "width": 848,
        "height": 608,
        "content": "## Severity Routing\n**What** \u2014 Routes findings to Critical or Medium severity handlers.\n**Why** \u2014 Prioritises escalation paths based on risk level automatically."
      },
      "typeVersion": 1
    },
    {
      "id": "8bdf27b5-618a-4951-9e39-c85ed36cb825",
      "name": "Sticky Note4",
      "type": "n8n-nodes-base.stickyNote",
      "position": [
        2144,
        720
      ],
      "parameters": {
        "color": 7,
        "width": 224,
        "height": 816,
        "content": "## Format Report\n**What** \u2014 Consolidates agent outputs into a structured governance report.\n**Why** \u2014 Ensures consistent, readable output before severity assessment."
      },
      "typeVersion": 1
    },
    {
      "id": "d3825d03-4629-493b-9ba4-253844ac13d6",
      "name": "Sticky Note5",
      "type": "n8n-nodes-base.stickyNote",
      "position": [
        192,
        720
      ],
      "parameters": {
        "color": 7,
        "width": 1920,
        "height": 816,
        "content": "## Extract, Orchestrator & Sub-Agents\n**What** \u2014 Coordinates static code, architecture, CTO report, and security agents.\n**Why** \u2014 Decomposes governance into specialised tasks for higher accuracy."
      },
      "typeVersion": 1
    },
    {
      "id": "fe43803d-6563-4bf5-8803-7b06971abaf1",
      "name": "Sticky Note6",
      "type": "n8n-nodes-base.stickyNote",
      "position": [
        3248,
        688
      ],
      "parameters": {
        "color": 7,
        "width": 784,
        "height": 736,
        "content": "## Aggregate, Merge & Deliver\n**What** \u2014 Aggregates critical findings, merges all analysis paths, enriches output, and logs the standard report.\n**Why** \u2014 Unifies parallel outputs into a single audit-ready deliverable with full contextual detail."
      },
      "typeVersion": 1
    }
  ],
  "active": false,
  "settings": {
    "binaryMode": "separate",
    "availableInMCP": false,
    "executionOrder": "v1"
  },
  "versionId": "6ab691a7-1580-41b7-a9f2-1dc4181273ba",
  "connections": {
    "Orchestrator Model": {
      "ai_languageModel": [
        [
          {
            "node": "Governance Orchestrator Agent",
            "type": "ai_languageModel",
            "index": 0
          }
        ]
      ]
    },
    "Enrich Final Output": {
      "main": [
        []
      ]
    },
    "Format Final Report": {
      "main": [
        [
          {
            "node": "Check Critical Issues Threshold",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "Log Standard Report": {
      "main": [
        [
          {
            "node": "Merge Analysis Paths",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "Merge Analysis Paths": {
      "main": [
        [
          {
            "node": "Enrich Final Output",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "Start Governance Scan": {
      "main": [
        [
          {
            "node": "Extract Repository Metadata",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "Static Analysis Model": {
      "ai_languageModel": [
        [
          {
            "node": "Static Code Analysis Agent",
            "type": "ai_languageModel",
            "index": 0
          }
        ]
      ]
    },
    "Medium Severity Handler": {
      "main": [
        [
          {
            "node": "Aggregate Critical Findings",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "Report Generation Model": {
      "ai_languageModel": [
        [
          {
            "node": "CTO Report Generation Agent",
            "type": "ai_languageModel",
            "index": 0
          }
        ]
      ]
    },
    "Route by Severity Level": {
      "main": [
        [
          {
            "node": "Critical Severity Handler",
            "type": "main",
            "index": 0
          }
        ],
        [
          {
            "node": "Medium Severity Handler",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "Security Analysis Model": {
      "ai_languageModel": [
        [
          {
            "node": "Security Vulnerability Scanner Agent",
            "type": "ai_languageModel",
            "index": 0
          }
        ]
      ]
    },
    "Prepare Escalation Alert": {
      "main": [
        [
          {
            "node": "Route by Severity Level",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "Critical Severity Handler": {
      "main": [
        [
          {
            "node": "Aggregate Critical Findings",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "Static Code Analysis Agent": {
      "ai_tool": [
        [
          {
            "node": "Governance Orchestrator Agent",
            "type": "ai_tool",
            "index": 0
          }
        ]
      ]
    },
    "Aggregate Critical Findings": {
      "main": [
        [
          {
            "node": "Merge Analysis Paths",
            "type": "main",
            "index": 1
          }
        ]
      ]
    },
    "CTO Report Generation Agent": {
      "ai_tool": [
        [
          {
            "node": "Governance Orchestrator Agent",
            "type": "ai_tool",
            "index": 0
          }
        ]
      ]
    },
    "Extract Repository Metadata": {
      "main": [
        [
          {
            "node": "Governance Orchestrator Agent",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "Architectural Analysis Model": {
      "ai_languageModel": [
        [
          {
            "node": "Architectural Compliance Agent",
            "type": "ai_languageModel",
            "index": 0
          }
        ]
      ]
    },
    "Structured Governance Output": {
      "ai_outputParser": [
        [
          {
            "node": "Governance Orchestrator Agent",
            "type": "ai_outputParser",
            "index": 0
          }
        ]
      ]
    },
    "Governance Orchestrator Agent": {
      "main": [
        [
          {
            "node": "Format Final Report",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "Architectural Compliance Agent": {
      "ai_tool": [
        [
          {
            "node": "Governance Orchestrator Agent",
            "type": "ai_tool",
            "index": 0
          }
        ]
      ]
    },
    "Check Critical Issues Threshold": {
      "main": [
        [
          {
            "node": "Prepare Escalation Alert",
            "type": "main",
            "index": 0
          }
        ],
        [
          {
            "node": "Log Standard Report",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "Security Vulnerability Scanner Agent": {
      "ai_tool": [
        [
          {
            "node": "Governance Orchestrator Agent",
            "type": "ai_tool",
            "index": 0
          }
        ]
      ]
    }
  }
}

Credentials you'll need

Each integration node will prompt for credentials when you import. We strip credential IDs before publishing — you'll add your own.

Source: https://n8n.io/workflows/13900/ — original creator credit.
