Automated Watch
1. What? — Definition and context
Section titled “1. What? — Definition and context”Staying current on security vulnerabilities, on the updates of the 11 technologies in the infrastructure, and on competitor moves — that is a full-time job if done by hand. Three workflows automate this watch at different cadences and from different sources.
The 3 watch types
Section titled “The 3 watch types”| Type | Workflow | Frequency | Source |
|---|---|---|---|
| Security | Security CVE Watch (33n) | Daily 6 AM + DIUN webhook + Monday 9 AM | Trivy scanner |
| Technology | Tech Watch | Daily 8 AM | Perplexity API |
| Competitive | Business Watch | Monday 9 AM | Perplexity API |
Common architecture
Section titled “Common architecture”2. Why? — Stakes and motivations
Section titled “2. Why? — Stakes and motivations”Problems solved
Section titled “Problems solved”| Problem | Without auto watch | With auto watch |
|---|---|---|
| Undetected CVE | Caught by an audit or an incident | Alert by 6 AM |
| Outdated version | ”It worked yesterday” | Breaking-change notification |
| Missed opportunity | Information slipped by | Weekly digest with impact scoring |
Why three separate workflows?
Section titled “Why three separate workflows?”Each watch has a different cadence and source:
| Criterion | Security | Technology | Competitive |
|---|---|---|---|
| Urgency | Critical (zero-day) | Medium | Low |
| Frequency | Daily + reactive | Daily | Weekly |
| Source | Local scanner (Trivy) | Web search (Perplexity) | Web search (Perplexity) |
| Action | Patch immediately | Plan an update | Adapt strategy |
3. How? — Technical implementation
Section titled “3. How? — Technical implementation”Security Watch (CVE Watch)
Section titled “Security Watch (CVE Watch)”This workflow watches 9 Docker images via Trivy:
| Image | Stack | Criticality |
|---|---|---|
| n8nio/n8n | n8n-stack | High |
| odoo:18 | odoo-stack | High |
| caddy:2-alpine | security-stack | Critical |
| postgres:16 | n8n + odoo | High |
| redis:7-alpine | n8n-stack | Medium |
| qdrant/qdrant | ai-stack | Medium |
| crowdsecurity/crowdsec | security-stack | High |
| prometheus | monitoring-stack | Medium |
| grafana | monitoring-stack | Medium |
Three triggers coexist:
- Daily (6 AM): full scan of every image
- DIUN webhook: targeted scan when a new version is detected
- Weekly (Monday 9 AM): aggregated report with trends
The workflow filters by severity (CRITICAL + HIGH), drops CVEs without an available fix, and mutes CVEs already notified to avoid spam. Critical alerts go out instantly with action buttons:
🚨 CRITICAL CVE
Image: caddy:2-alpineCVE: CVE-2026-1234Severity: CRITICAL (9.8)Package: openssl 3.1.2Fix: openssl 3.1.3
[Update Now] [Details] [Defer]Tech Watch
Section titled “Tech Watch”Every morning at 8 AM, the workflow queries Perplexity for the 11 infrastructure technologies with a 7-day recency filter. The llama-3.1-sonar-small-128k-online model is used for speed.
The local AI (claude-haiku-yolo) then reviews the results and assigns a priority score (1-5), boosting security fixes (+1 or +2). Updates with a score >= 4 trigger an immediate alert.
The daily digest is structured per technology with an action code:
| Score | Recommended action |
|---|---|
| 5 | Critical immediate update |
| 4 | Priority update this weekend |
| 3 | Plan in the coming week |
| 1-2 | Informational, no action |
If a major breaking change or security fix is detected, an Obsidian note is automatically created for documentation.
Business Watch
Section titled “Business Watch”Every Monday at 9 AM, this workflow uses Perplexity in large model mode (llama-3.1-sonar-large-128k-online) for deeper market analysis. It watches:
- Competitors: news, fundraising rounds, product launches
- Keywords: “automation workflow”, “ERP cloud France”, “AI integration enterprise”
- Prospects: news on target companies inside the CRM
The unique angle: when a piece of news is about a prospect already in Odoo, the workflow automatically enriches the CRM lead with a summary and creates a follow-up activity at D+2.
4. What if? — Outlook and limits
Section titled “4. What if? — Outlook and limits”Current limits
Section titled “Current limits”| Limit | Impact | Mitigation |
|---|---|---|
| Perplexity = paid API | Cost per request | Small model daily, large weekly |
| CVE false positives | Alerts on non-exploitable CVEs | ”Ignore unfixed” filter + mute already notified |
| No custom image scan | Home-built Dockerfiles not scanned | Planned: cover custom builds |
Evolution scenarios
Section titled “Evolution scenarios”If regulatory watch is needed:
- Add a source for regulatory changes (GDPR, NIS2)
- Alert when compliance work is required
If a sales team is involved:
- Broaden competitive watch with more keywords
- Odoo dashboard with enriched lead scoring
- Per-rep digest
If Docker image volume grows:
- Scan in parallel (batches of 3)
- Prioritise scans by stack criticality
- Reduce frequency for stable images
Related pages
Section titled “Related pages”Infrastructure
Section titled “Infrastructure”- Security Stack — Caddy and CrowdSec watched
- Monitoring Stack — Prometheus and Grafana
Workflows
Section titled “Workflows”- Docker Auto-Updates — Updates triggered by the watch
- Notification Hub — Alert routing
- Telegram Orchestrator — Digest reception
Reference
Section titled “Reference”- Glossary — CVE, Trivy, Perplexity