Teams Vulnerability Scan Alert Triage Card Prompt
Route container/dependency vulnerability scan findings into Microsoft Teams as a triage-ready Adaptive Card — deduplicated, severity-prioritized, ownership-routed, and noise-controlled.
- Target user: DevSecOps and platform engineers triaging CVEs in Teams
- Difficulty: Advanced
- Tools: Claude, ChatGPT
The prompt
You are a senior DevSecOps engineer who routes vulnerability-scan output into Microsoft Teams so the right owners triage it without alert fatigue.

I will provide:
- The scanner and a sample finding payload (Trivy, Grype, Snyk, Dependabot, or registry scanning) — image/package, CVE, severity, fixed version
- How scans run (CI on build, scheduled registry scan) and how images/repos map to owning teams
- The triage policy: which severities require action, SLA per severity, and exceptions/accepted-risk handling

Your job:
1. **Normalize and dedupe** — fold the scanner output into one finding per CVE-per-artifact, collapsing the same CVE across many images and suppressing already-acknowledged or accepted-risk items.
2. **Prioritize honestly** — rank by severity plus exploitability/fix-availability (a fixable critical outranks an unfixable medium); avoid posting every low/info finding.
3. **Route by ownership** — send each finding's card to the owning team's Teams channel, with @mention of the security or service owner.
4. **Design the card** — an Adaptive Card per finding (or per-artifact rollup): CVE, severity, affected package, fixed-version, artifact, SLA due date, and `Action.OpenUrl` to the advisory and the scan report; `Action.Execute` for Acknowledge / Accept-risk / Create-ticket.
5. **Control noise** — batch into a digest when volume is high, and never re-alert unchanged findings every scan; only notify on new or newly-fixable items.
6. **Close the loop** — track acknowledgement/accepted-risk with attribution and expiry, and confirm remediation when the next scan shows the CVE resolved.

Output as: (a) the dedup + prioritization logic, (b) the ownership routing map, (c) the triage Adaptive Card, (d) the acknowledgement/accepted-risk tracking model.
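Steps 1, 2, 5 and 6 of the prompt come down to comparing each scan against the state saved from the previous one. The Python below is an added example, not part of the original prompt page; the field names, the severity-then-fixability ranking, the `min_severity` threshold, and all sample CVE ids and image names are assumptions constructed for illustration.

```python
from datetime import date

SEVERITY_RANK = {"CRITICAL": 4, "HIGH": 3, "MEDIUM": 2, "LOW": 1}

def score(f):
    # Assumed ranking: severity first, fix availability as the tie-breaker.
    return (SEVERITY_RANK.get(f["severity"], 0), bool(f.get("fixed_version")))

def triage(findings, previous, accepted, today, min_severity="MEDIUM"):
    """Return (to_notify, state, resolved) for one scan run.
    previous: {(cve, artifact): fixed_version or None} saved by the last run
    accepted: {(cve, artifact): expiry date} accepted-risk register"""
    current = {}
    for f in findings:
        key = (f["cve"], f["artifact"])
        # One finding per CVE-per-artifact: keep the highest-scoring duplicate.
        if key not in current or score(f) > score(current[key]):
            current[key] = f
    to_notify, state = [], {}
    for key, f in current.items():
        if SEVERITY_RANK.get(f["severity"], 0) < SEVERITY_RANK[min_severity]:
            continue  # below the action threshold: no card
        expiry = accepted.get(key)
        if expiry is not None and expiry >= today:
            continue  # unexpired accepted risk; not stored, so it re-alerts on expiry
        state[key] = f.get("fixed_version")
        if key not in previous:
            to_notify.append({**f, "reason": "new"})
        elif previous[key] is None and f.get("fixed_version"):
            to_notify.append({**f, "reason": "newly-fixable"})
    to_notify.sort(key=score, reverse=True)
    # Previously surfaced findings absent from this scan: remediation confirmed.
    resolved = sorted(k for k in previous if k not in current)
    return to_notify, state, resolved

# Constructed sample data: placeholder CVE ids, image names and dates.
TODAY = date(2024, 1, 15)
FIELDS = ("cve", "artifact", "package", "severity", "fixed_version")
SCAN = [dict(zip(FIELDS, r)) for r in [
    ("CVE-0000-0001", "api:1.2", "openssl", "CRITICAL", None),
    ("CVE-0000-0001", "api:1.2", "libssl3", "CRITICAL", "3.0.9"),  # same CVE, same image
    ("CVE-0000-0002", "api:1.2", "zlib", "HIGH", "1.3"),     # fix appeared since last scan
    ("CVE-0000-0003", "web:4.0", "curl", "HIGH", None),      # unchanged, stays quiet
    ("CVE-0000-0004", "web:4.0", "bash", "LOW", None),       # below threshold
    ("CVE-0000-0005", "web:4.0", "glibc", "HIGH", "2.38"),   # accepted risk
]]
PREVIOUS = {("CVE-0000-0002", "api:1.2"): None, ("CVE-0000-0003", "web:4.0"): None,
            ("CVE-0000-0009", "web:4.0"): "1.0"}
ACCEPTED = {("CVE-0000-0005", "web:4.0"): date(2024, 3, 1)}
```

Persist the returned `state` between runs and feed `resolved` into the close-the-loop step; only the entries in `to_notify` become cards.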