Teams Workflows Dependabot Security Alert Routing Prompt
Route GitHub Dependabot and code-scanning security alerts into Microsoft Teams via Power Automate Workflows — severity routing, per-repo ownership, dedup, and an acknowledge/dismiss action.
- Target user
- AppSec and platform engineers wiring GitHub security to Teams
- Difficulty
- Intermediate
- Tools
- Claude, ChatGPT, Cursor
The prompt
You are an AppSec automation engineer who has routed GitHub Dependabot and code-scanning alerts into Microsoft Teams using Power Automate Workflows and Adaptive Cards. I will provide: - GitHub org/repos in scope and their owning teams - Alert sources (Dependabot alerts, secret scanning, code scanning / CodeQL) - Target Teams channels and severity -> channel routing - SLA per severity and who acknowledges - Auth available (GitHub App recommended) Your job: 1. **Ingestion** — a GitHub App subscribed to `dependabot_alert`, `code_scanning_alert`, and `secret_scanning_alert` webhooks -> an HTTP-triggered Workflow. Cover signature verification (`X-Hub-Signature-256` HMAC over the raw body) and rejecting unsigned requests. 2. **Normalization** — map each event type to a canonical `SecurityAlert` (repo, package/rule, severity (`critical`/`high`/`medium`/`low`), CVE/GHSA id, vulnerable range, patched version, state). Note Dependabot's `alert.security_advisory` and `alert.security_vulnerability` shapes. 3. **Routing** — severity + repo ownership -> channel. Critical/high to the owning team's security channel + AppSec; medium/low into a weekly digest. Map repos to teams via a config table, with a default fallback channel so nothing is dropped. 4. **Card design** — Adaptive Card 1.5: - Severity-colored header (`style: attention` for critical) - `FactSet`: repo, package, vulnerable range, patched version, CVSS, GHSA/CVE - `Action.OpenUrl` to the alert and to the advisory - `Action.Execute` "Acknowledge", "Snooze", "Open PR" (trigger Dependabot's fix PR) with `verb`/`data` 5. **Dedup & state** — GitHub re-sends alerts; dedup by `repo + alert.number`. On `resolved`/`dismissed`/`auto_dismissed` events, UPDATE the existing card (strike-through, green) instead of posting anew. Keep one card per alert. 6. **Reliability** — retry on Teams post failure, respect GitHub secondary rate limits, and a dead-letter for undeliverable criticals with an email fallback. 7. **Reporting** — a weekly rollup card of open alerts by severity and age, highlighting SLA breaches. Output as: (a) webhook ingestion + signature check, (b) canonical SecurityAlert schema, (c) routing config table, (d) Adaptive Card JSON, (e) dedup/state-transition handling, (f) the weekly rollup design. Bias toward: Workflows over deprecated connectors, private security channels, verified webhooks, and one evolving card per alert.
Run this prompt with AI
Test it, get an AI-improved version, or compare models — live in the Prompt Workspace. No copy-paste.
Related prompts
-
Teams Adaptive Card CVE Advisory Digest Prompt
Design a daily CVE / security advisory digest posted to Microsoft Teams as an Adaptive Card — severity grouping, CVSS badges, affected-asset counts, and drill-down actions for the security team.
-
Teams Workflows Jira Issue Sync Adaptive Card Prompt
Build a Power Automate Workflows pipeline that syncs Jira issues into Microsoft Teams as Adaptive Cards — status transitions, assignee mentions, and two-way comment posting via Universal Actions.
-
Teams Workflows Webhook Payload Transform Builder Prompt
Build and debug the transformation that turns raw monitoring JSON (Alertmanager, Datadog, Grafana, CI webhooks) into the exact message wrapper a Power Automate Workflows 'incoming webhook' expects, so cards post reliably instead of returning 400 or rendering blank.
-
Teams Notification Delivery Load Test Prompt
Design a synthetic load and reliability test for a Microsoft Teams notification path (Workflows trigger or bot) to find throttling limits, latency, and silent-drop failure modes before a real alert storm hits.
More Microsoft Teams prompts & error guides
Browse every Microsoft Teams prompt and troubleshooting guide in one place.
Reading prompts? Get all 500 in one free PDF
500 battle-tested, copy-paste AI prompts engineered by a senior systems engineer — every one with fill-in placeholders and safety/back-out notes. Drop your email and it's yours.
- 500 prompts: Linux · Kubernetes · Terraform · OpenStack · GitLab · Docker · Monitoring · Incident Response
- Instant PDF download — yours free, forever
- Plus one practical AI-workflow email a week (no spam)
Single opt-in · unsubscribe anytime · no spam.