Workflows / Github / security_advisory

Github security_advisory Event Notification to Slack & Email

Learn how to listen to the security_advisory webhook event from Github to trigger a notification workflow in MagicBell.

Event payload

Sample payload for the security_advisory event.

{
  "action": "published",
  "security_advisory": {
    "cve_id": "CVE-2025-12345",
    "cvss": {
      "score": 9.8,
      "vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
    },
    "cwes": [
      {
        "cwe_id": "CWE-94",
        "name": "Improper Control of Generation of Code ('Code Injection')"
      }
    ],
    "description": "A vulnerability was found in example-package versions \u003c 2.0.0 that allows remote code execution via crafted input.",
    "ghsa_id": "GHSA-xxxx-yyyy-zzzz",
    "identifiers": [
      {
        "type": "GHSA",
        "value": "GHSA-xxxx-yyyy-zzzz"
      },
      {
        "type": "CVE",
        "value": "CVE-2025-12345"
      }
    ],
    "published_at": "2025-01-16T18:00:00Z",
    "references": [
      {
        "url": "https://github.com/example/package/security/advisories/GHSA-xxxx-yyyy-zzzz"
      }
    ],
    "severity": "critical",
    "summary": "Remote code execution vulnerability in example-package",
    "updated_at": "2025-01-16T18:00:00Z",
    "vulnerabilities": [
      {
        "first_patched_version": {
          "identifier": "2.0.0"
        },
        "package": {
          "ecosystem": "npm",
          "name": "example-package"
        },
        "severity": "critical",
        "vulnerable_version_range": "\u003c 2.0.0"
      }
    ],
    "withdrawn_at": null
  },
  "sender": {
    "avatar_url": "https://avatars.githubusercontent.com/u/45439246?v=4",
    "html_url": "https://github.com/apps/github-security-advisories",
    "id": 45439246,
    "login": "github-security-advisories[bot]",
    "node_id": "MDM6Qm90NDU0MzkyNDY=",
    "type": "Bot"
  }
}

Connect Github to MagicBell to receive events and trigger workflows. This guide uses the MagicBell CLI.

Add the Github integration

Save your Github webhook signing secret in MagicBell. See GitHub webhooks.

magicbell integration save_github \
  --data '{"webhook_signing_secret":"your_secret_here"}'

Copy the ID from the response and use it to build your webhook URL:

https://api.magicbell.com/v2/integrations/github/webhooks/incoming/{id}

Setup the webhook

Setup a webhook in Github with the URL from the last step.
Select the security_advisory event.
If you already have a webhook configured, make sure it includes this event.

Add a workflow

Create a workflow that triggers automatically when Github sends this event. Use liquid templates to access fields in your workflow.

Workflow key

Use this key to trigger the workflow when Github sends a security_advisory event:

integration.github.security_advisory

Filter by action: GitHub sends the event type in the header and the action in the payload body. Use an if condition to filter for the published action:

"if": "payload.action == 'published'"

Example workflow

Notify security team when new security advisories are published.

{
  "key": "integration.github.security_advisory.published",
  "steps": [
    {
      "command": "broadcast",
      "input": {
        "action_url": "{{payload.security_advisory.references[0].url}}",
        "content": "{{payload.security_advisory.severity}} severity - {{payload.security_advisory.cve_id}}. CVSS Score: {{payload.security_advisory.cvss.score}}",
        "overrides": {
          "providers": {
            "email": {},
            "slack": {}
          }
        },
        "recipients": [
          {
            "external_id": "security-team"
          }
        ],
        "title": "Security Advisory: {{payload.security_advisory.summary}}"
      }
    }
  ]
}

Save with the CLI

Use the MagicBell CLI to save this workflow to your project. You can also use the Workflows API endpoint instead.

magicbell workflow save \
  --data '{"key":"integration.github.security_advisory.published","steps":[{"command":"broadcast","input":{"action_url":"{{payload.security_advisory.references[0].url}}","content":"{{payload.security_advisory.severity}} severity - {{payload.security_advisory.cve_id}}. CVSS Score: {{payload.security_advisory.cvss.score}}","overrides":{"providers":{"email":{},"slack":{}}},"recipients":[{"external_id":"security-team"}],"title":"Security Advisory: {{payload.security_advisory.summary}}"}}]}'

Test the workflow

Use the Github CLI to trigger test events and verify your workflow executes correctly.

1. Trigger a test event

Use the GitHub CLI to forward webhook events from your repository to MagicBell:

gh webhook forward \
  --events=security_advisory \
  --url=https://api.magicbell.com/v2/integrations/github/webhooks/incoming/{id}

2. Verify the workflow ran

Check that MagicBell received the event and executed the workflow:

magicbell workflow list_runs --workflow_key integration.github.security_advisory.published

3. Debug issues

If the workflow failed or you need more details, fetch the run to see step-by-step execution:

magicbell workflow fetch_run --run_id {run_id}

Other security notification workflows

security_and_analysis

Track when security features are enabled or disabled on repositories.

View all Github workflows →