
Open-Source Security Workflow Orchestration by ShipSec Studio

Summary

– ShipSec Studio is an open-source platform designed to replace manual scripting with a dedicated orchestration layer for security operations.
– It provides a visual, no-code builder to create automated pipelines from security tools like Subfinder and Nuclei without writing glue code.
– The platform includes orchestration features such as human-in-the-loop pauses, LLM nodes for AI analysis, and native scheduling.
– Its architecture separates management, orchestration, and worker functions, relies on components like Temporal.io, and uses containers for isolated task execution.
– The platform is self-hostable via a one-line installer or Docker and is freely available on GitHub.

Security operations have traditionally depended on a fragmented collection of scripts, scheduled tasks, and disconnected tools to manage processes like reconnaissance and vulnerability scanning. A new platform, ShipSec Studio, seeks to modernize this approach by introducing a dedicated open-source security workflow automation layer designed specifically for operational needs.

This platform offers a visual, no-code workflow builder, enabling teams to construct automated pipelines by connecting various security tools without writing integration code. The visual design is compiled into a specialized executable language, which is then run by a separate worker system. It comes with built-in support for essential security utilities, including Subfinder, DNSX, Naabu, and HTTPx for reconnaissance, alongside Nuclei and TruffleHog for vulnerability and secret detection.

The system provides orchestration features that go beyond simple task scheduling. Workflows can incorporate a human-in-the-loop pause mechanism, stopping execution to await manual approval or input before continuing. Teams can also integrate LLM nodes for AI-assisted analysis of tool outputs, using the Model Context Protocol (MCP) as a standardized connection layer. Additional capabilities include native CRON scheduling for recurring tasks and a REST API for external triggering and monitoring.

Architecturally, the platform is structured across three distinct planes. A management plane, built on NestJS, handles workflow compilation, AES-256-GCM encrypted secrets management, and identity. The orchestration plane leverages Temporal.io to manage workflow state, concurrency, and durable execution, keeping workflows resilient to failures. A stateless worker plane executes tasks within isolated, ephemeral containers. A real-time telemetry system streams logs and events, while the supporting infrastructure uses PostgreSQL, MinIO, Redis, Loki, and Redpanda. The user interface is developed with React 19, ReactFlow for the visual canvas, and xterm.js for terminal output.

The MCP integration includes a pre-built library of servers for services like AWS CloudTrail and CloudWatch, allowing AI agents within workflows to automatically discover and use available tools. For deployment, organizations can host the entire platform on their own infrastructure. A streamlined one-line installer manages dependencies and service startup via Docker, with full documentation provided for self-hosted Docker deployments that meet strict data residency or air-gapped requirements. The project also supports multi-instance setups on a single machine for isolated development and testing environments.

ShipSec Studio is freely available on GitHub.

(Source: Help Net Security)
