---
title: Automated Watch
url: https://blog.guigpap.com/en/workflows/veille-automatique/
url_md: https://blog.guigpap.com/en/workflows/veille-automatique.md
category: automation
date: '2026-03-28'
maturite: production
techno:
  - docker
  - n8n
  - telegram
application:
  - monitoring
  - operations
---

# Automated Watch

> Automatic monitoring of Docker CVEs, technology versions and competitive intelligence

## 1. What? — Definition and context

Staying current on security vulnerabilities, on the updates of the 11 technologies in the infrastructure, and on competitor moves — that is a full-time job if done by hand. Three workflows automate this watch at different cadences and from different sources.

> **Note - CVE**
>
> A **CVE** (Common Vulnerabilities and Exposures) is a unique identifier for a known security flaw. Trivy is an open-source scanner that detects CVEs inside Docker images by analysing the installed packages.

### The 3 watch types

| Type | Workflow | Frequency | Source |
|------|----------|-----------|--------|
| **Security** | Security CVE Watch (33n) | Daily 6 AM + DIUN webhook + Monday 9 AM | Trivy scanner |
| **Technology** | Tech Watch | Daily 8 AM | Perplexity API |
| **Competitive** | Business Watch | Monday 9 AM | Perplexity API |

### Common architecture

```mermaid
flowchart TD
    subgraph Sources["Data sources"]
        direction TB
        Trivy["Local Trivy scanner"]
        Perplexity["Perplexity API"]
        DIUN["DIUN webhook"]
    end
    Analyse["Analysis + filtering · severity, novelty, impact"]
    Hub["Notification Hub"]
    TG["Telegram digest with buttons"]
    Sources --> Analyse --> Hub --> TG
```

---

## 2. Why? — Stakes and motivations

### Problems solved

| Problem | Without auto watch | With auto watch |
|---------|--------------------|-----------------|
| **Undetected CVE** | Caught by an audit or an incident | Alert by 6 AM |
| **Outdated version** | "It worked yesterday" | Breaking-change notification |
| **Missed opportunity** | Information slipped by | Weekly digest with impact scoring |

### Why three separate workflows?

Each watch has a different cadence and source:

| Criterion | Security | Technology | Competitive |
|-----------|----------|------------|-------------|
| **Urgency** | Critical (zero-day) | Medium | Low |
| **Frequency** | Daily + reactive | Daily | Weekly |
| **Source** | Local scanner (Trivy) | Web search (Perplexity) | Web search (Perplexity) |
| **Action** | Patch immediately | Plan an update | Adapt strategy |

> **Tip - Morning cascade**
>
> The three watches are staggered: security at 6 AM (before waking up), tech at 8 AM (with coffee), business on Monday 9 AM (start of the week). Each report has its moment.

---

## 3. How? — Technical implementation

### Security Watch (CVE Watch)

This workflow watches 9 Docker images via Trivy:

| Image | Stack | Criticality |
|-------|-------|-------------|
| n8nio/n8n | n8n-stack | High |
| odoo:18 | odoo-stack | High |
| caddy:2-alpine | security-stack | Critical |
| postgres:16 | n8n + odoo | High |
| redis:7-alpine | n8n-stack | Medium |
| qdrant/qdrant | ai-stack | Medium |
| crowdsecurity/crowdsec | security-stack | High |
| prometheus | monitoring-stack | Medium |
| grafana | monitoring-stack | Medium |

Three triggers coexist:

- **Daily (6 AM)**: full scan of every image
- **DIUN webhook**: targeted scan when a new version is detected
- **Weekly (Monday 9 AM)**: aggregated report with trends

The workflow filters by severity (CRITICAL + HIGH), drops CVEs without an available fix, and mutes CVEs already notified to avoid spam.

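
The filter chain described above (severity, fix available, not yet notified), sketched as the JavaScript an n8n Code node could run over Trivy's JSON report. This is an added example, not the workflow's own code; the function name, the mute-key format and the sample CVE identifiers are assumptions.

```javascript
// Filter stage for one image's Trivy JSON report (added example, constructed data).
const ALERT_SEVERITIES = new Set(["CRITICAL", "HIGH"]);

// `notified` is a Set of keys persisted between runs (the storage is an assumption).
function selectNewFindings(image, report, notified) {
  const findings = [];
  for (const result of report.Results ?? []) {
    // Trivy omits "Vulnerabilities" for targets with no findings.
    for (const v of result.Vulnerabilities ?? []) {
      if (!ALERT_SEVERITIES.has(v.Severity)) continue; // severity filter
      if (!v.FixedVersion) continue;                   // no fix available yet
      const key = `${image}|${v.VulnerabilityID}|${v.PkgName}`;
      if (notified.has(key)) continue;                 // already notified: mute
      notified.add(key);
      findings.push({
        image, cve: v.VulnerabilityID, severity: v.Severity,
        pkg: v.PkgName, installed: v.InstalledVersion, fix: v.FixedVersion,
      });
    }
  }
  // CRITICAL first, so instant alerts are built before the HIGH ones.
  const rank = (f) => (f.severity === "CRITICAL" ? 0 : 1);
  return findings.sort((a, b) => rank(a) - rank(b));
}

// Constructed sample report; the CVE identifiers are placeholders, not real ones.
const sampleReport = {
  Results: [
    { Target: "caddy:2-alpine (alpine)", Vulnerabilities: [
      { VulnerabilityID: "CVE-0000-0001", PkgName: "openssl", InstalledVersion: "3.1.2", FixedVersion: "3.1.3", Severity: "HIGH" },
      { VulnerabilityID: "CVE-0000-0002", PkgName: "busybox", InstalledVersion: "1.36.0", FixedVersion: "", Severity: "CRITICAL" },
      { VulnerabilityID: "CVE-0000-0003", PkgName: "zlib", InstalledVersion: "1.3", FixedVersion: "1.3.1", Severity: "MEDIUM" },
      { VulnerabilityID: "CVE-0000-0004", PkgName: "libcrypto3", InstalledVersion: "3.1.2", FixedVersion: "3.1.3", Severity: "CRITICAL" },
    ] },
    { Target: "usr/bin/caddy" }, // target with no Vulnerabilities key at all
  ],
};

const notified = new Set();
const firstRun = selectNewFindings("caddy:2-alpine", sampleReport, notified);
const secondRun = selectNewFindings("caddy:2-alpine", sampleReport, notified);
console.log(firstRun.map((f) => `${f.severity} ${f.cve} ${f.pkg} -> ${f.fix}`), secondRun.length);
```

Because the mute key is image, CVE and package, a finding that was alerted once stays silent on every later scan even if it is never patched; adding an expiry to the stored keys lets unpatched findings resurface in the weekly report.
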
Critical alerts go out instantly with action buttons:

```text
🚨 CRITICAL CVE
Image: caddy:2-alpine
CVE: CVE-2026-1234
Severity: CRITICAL (9.8)
Package: openssl 3.1.2
Fix: openssl 3.1.3
[Update Now] [Details] [Defer]
```

### Tech Watch

Every morning at 8 AM, the workflow queries Perplexity for the 11 infrastructure technologies with a 7-day recency filter. The `llama-3.1-sonar-small-128k-online` model is used for speed.

The local AI (claude-haiku-yolo) then reviews the results and assigns a priority score (1-5), boosting security fixes (+1 or +2). Updates with a score >= 4 trigger an immediate alert.

The daily digest is structured per technology with an action code:

| Score | Recommended action |
|-------|--------------------|
| 5 | Critical immediate update |
| 4 | Priority update this weekend |
| 3 | Plan in the coming week |
| 1-2 | Informational, no action |

If a major breaking change or security fix is detected, an Obsidian note is automatically created for documentation.

### Business Watch

Every Monday at 9 AM, this workflow uses Perplexity in large model mode (`llama-3.1-sonar-large-128k-online`) for deeper market analysis. It watches:

- **Competitors**: news, fundraising rounds, product launches
- **Keywords**: "automation workflow", "ERP cloud France", "AI integration enterprise"
- **Prospects**: news on target companies inside the CRM

The unique angle: when a piece of news is about a prospect already in Odoo, the workflow automatically enriches the CRM lead with a summary and creates a follow-up activity at D+2.

> **Caution - Automatic CRM enrichment**
>
> Enrichment is additive: it appends a note to the existing lead without overwriting prior information. The activity created acts as a reminder for the sales team.

---

## 4. What if? — Outlook and limits

### Current limits

| Limit | Impact | Mitigation |
|-------|--------|------------|
| **Perplexity = paid API** | Cost per request | Small model daily, large weekly |
| **CVE false positives** | Alerts on non-exploitable CVEs | "Ignore unfixed" filter + mute already notified |
| **No custom image scan** | Home-built Dockerfiles not scanned | Planned: cover custom builds |

### Evolution scenarios

**If regulatory watch is needed**:

- Add a source for regulatory changes (GDPR, NIS2)
- Alert when compliance work is required

**If a sales team is involved**:

- Broaden competitive watch with more keywords
- Odoo dashboard with enriched lead scoring
- Per-rep digest

**If Docker image volume grows**:

- Scan in parallel (batches of 3)
- Prioritise scans by stack criticality
- Reduce frequency for stable images

---

## Related pages

### Infrastructure

- [Security Stack](/en/infrastructure/security-stack/) — Caddy and CrowdSec watched
- [Monitoring Stack](/en/infrastructure/monitoring-stack/) — Prometheus and Grafana

### Workflows

- [Docker Auto-Updates](/en/workflows/docker-updates/) — Updates triggered by the watch
- [Notification Hub](/en/workflows/notification-hub/) — Alert routing
- [Telegram Orchestrator](/en/workflows/telegram-orchestrator/) — Digest reception

### Reference

- [Glossary](/en/reference/glossary/) — CVE, Trivy, Perplexity

## Agent metadata

- This article comes from the GuiGPaP Lab blog.
- Global blog context: https://blog.guigpap.com/llms.txt
- Author contact: https://odoo.guigpap.com/mon-cv
- License: CC-BY-SA 4.0