We built AI-BOM because we scanned our own 4,343 workflows and found hardcoded API keys, unauthenticated AI agents, and MCP clients connecting to unknown servers — all invisible to existing security tools. AI-BOM is the first and only tool that scans n8n workflows for AI security risks.

```bash
pip install ai-bom
ai-bom scan ./workflows/
```

One command finds every AI Agent node, LLM integration, MCP client, hardcoded credential, and dangerous tool combination — then gives you a risk score and a compliance-ready report. EU AI Act deadline: August 2025. You need an AI inventory.
AI-BOM by Trusera
What does AI-BOM detect in n8n workflows?
| Risk | Severity | What it finds |
|---|---|---|
| AI Agent nodes | CRITICAL | Agents connected to LLMs with tool access — can execute code |
| Hardcoded credentials | CRITICAL | API keys in workflow JSON instead of credential store |
| Dangerous tool combos | CRITICAL | Agents with Code Execution + HTTP Request = RCE risk |
| MCP clients | HIGH | Model Context Protocol connections to external servers |
| Unauthenticated webhooks | HIGH | Webhook triggers exposed to the internet without auth |
| Agent chains | HIGH | Execute Workflow linking agents without input validation |
Beyond n8n, AI-BOM also scans source code (Python, JS, TS, Java, Go, Rust, Ruby), Docker configs, cloud infrastructure (Terraform, CloudFormation), and network endpoints — 21+ AI SDKs detected across 7 languages.
Output formats: CycloneDX SBOM | SARIF (GitHub Code Scanning) | HTML Dashboard | Markdown | JSON
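As an added illustration of the checks the table above describes, the scanner below walks an n8n workflow JSON export and flags hardcoded credentials, unauthenticated webhook triggers, AI agent nodes and the code-execution-plus-HTTP tool combination, then rolls the findings up into a score. This is example code written for this page, not AI-BOM's implementation: the node type strings, the `ai_tool` connection layout, the secret patterns and the severity weights are assumptions modelled on n8n's export format, and the sample workflow is constructed inline.

```python
import re
from typing import Dict, List

# Assumed n8n node type identifiers (convention "<package>.<node>"), used
# here for illustration rather than as an authoritative list.
WEBHOOK_TYPE = "n8n-nodes-base.webhook"
AGENT_TYPE = "@n8n/n8n-nodes-langchain.agent"
CODE_TOOL_TYPE = "@n8n/n8n-nodes-langchain.toolCode"
HTTP_TOOL_TYPE = "@n8n/n8n-nodes-langchain.toolHttpRequest"

# Constructed secret shapes: values like these belong in n8n's credential
# store, never inline in workflow parameters.
SECRET_PATTERNS = [
    ("OpenAI-style key", re.compile(r"\bsk-[A-Za-z0-9_-]{20,}")),
    ("Bearer token", re.compile(r"\bBearer\s+[A-Za-z0-9._-]{20,}")),
    ("AWS access key id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
]
SEVERITY_WEIGHT = {"CRITICAL": 10, "HIGH": 5}  # weights are this example's choice

def _walk_strings(value):
    """Yield every string nested anywhere inside a parsed JSON value."""
    if isinstance(value, str):
        yield value
    elif isinstance(value, (dict, list)):
        for v in (value.values() if isinstance(value, dict) else value):
            yield from _walk_strings(v)

def _tools_attached(connections: dict, agent_name: str) -> List[str]:
    """Names of nodes feeding the agent's tool input. Assumed n8n layout:
    connections[source]["ai_tool"] is a list of lanes, each a list of
    {"node", "type", "index"} links naming the consuming node."""
    return [source for source, outputs in connections.items()
            if any(link.get("node") == agent_name
                   for lane in outputs.get("ai_tool", []) for link in lane)]

def _finding(severity: str, node: str, risk: str) -> Dict[str, str]:
    return {"severity": severity, "node": node, "risk": risk}

def scan_workflow(workflow: dict) -> List[Dict[str, str]]:
    """Return one finding per detected risk in a parsed workflow."""
    findings: List[Dict[str, str]] = []
    nodes = workflow.get("nodes", [])
    by_name = {n.get("name"): n for n in nodes}
    connections = workflow.get("connections", {})
    for node in nodes:
        name, ntype = node.get("name", "<unnamed>"), node.get("type", "")
        params = node.get("parameters", {})
        # Hardcoded credentials: any parameter string shaped like a key.
        for text in _walk_strings(params):
            for label, pattern in SECRET_PATTERNS:
                if pattern.search(text):
                    findings.append(_finding("CRITICAL", name, f"hardcoded credential: {label}"))
        # Webhook trigger reachable without authentication.
        if ntype == WEBHOOK_TYPE and params.get("authentication", "none") == "none":
            findings.append(_finding("HIGH", name, "unauthenticated webhook trigger"))
        # Agent node: always reported; escalated when code execution and
        # outbound HTTP are both wired in as tools.
        if ntype == AGENT_TYPE:
            tool_types = {by_name[t].get("type") for t in _tools_attached(connections, name) if t in by_name}
            findings.append(_finding("CRITICAL", name, f"AI agent node with {len(tool_types)} tool(s)"))
            if CODE_TOOL_TYPE in tool_types and HTTP_TOOL_TYPE in tool_types:
                findings.append(_finding("CRITICAL", name, "dangerous tool combo: code execution + HTTP request"))
    return findings

def risk_score(findings: List[Dict[str, str]]) -> int:
    """Additive score over findings using SEVERITY_WEIGHT."""
    return sum(SEVERITY_WEIGHT.get(f["severity"], 0) for f in findings)

# Constructed sample workflow (not one of the repository's files) that trips
# each check: open webhook, agent with code + HTTP tools, inline key.
SAMPLE_WORKFLOW = {
    "nodes": [
        {"name": "Webhook", "type": WEBHOOK_TYPE,
         "parameters": {"path": "ingest", "authentication": "none"}},
        {"name": "Agent", "type": AGENT_TYPE, "parameters": {"promptType": "auto"}},
        {"name": "Run Code", "type": CODE_TOOL_TYPE, "parameters": {}},
        {"name": "Fetch URL", "type": HTTP_TOOL_TYPE,
         "parameters": {"headerParameters": {"parameters": [
             {"name": "X-Api-Key", "value": "sk-CONSTRUCTED-EXAMPLE-0000000000"}]}}},
    ],
    "connections": {
        "Webhook": {"main": [[{"node": "Agent", "type": "main", "index": 0}]]},
        "Run Code": {"ai_tool": [[{"node": "Agent", "type": "ai_tool", "index": 0}]]},
        "Fetch URL": {"ai_tool": [[{"node": "Agent", "type": "ai_tool", "index": 0}]]},
    },
}

if __name__ == "__main__":
    for f in scan_workflow(SAMPLE_WORKFLOW):
        print(f"[{f['severity']}] {f['node']}: {f['risk']}")
    print("risk score:", risk_score(scan_workflow(SAMPLE_WORKFLOW)))
```

Each finding carries the node name, so it can be located in the editor; switching the webhook's `authentication` away from `none` or moving the key into the credential store clears the corresponding finding, which is the kind of before/after check a CI gate on exported workflows would run.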
- Enhanced Security: Full security audit completed, all CVEs resolved
- Docker Support: Multi-platform builds for linux/amd64 and linux/arm64
- GitHub Pages: Live searchable interface at zie619.github.io/n8n-workflows
- Performance: 100x faster search with SQLite FTS5 integration
- Modern UI: Completely redesigned interface with dark/light mode
Visit zie619.github.io/n8n-workflows for instant access to:
- Smart Search — Find workflows instantly
- 15+ Categories — Browse by use case
- Mobile Ready — Works on any device
- Direct Downloads — Get workflow JSONs instantly
- Python 3.9+
- pip (Python package manager)
- 100MB free disk space
```bash
# Clone the repository
git clone https://github.com/Zie619/n8n-workflows.git
cd n8n-workflows

# Install dependencies
pip install -r requirements.txt

# Start the server
python run.py

# Open in browser
# http://localhost:8000
```

```bash
# Using Docker Hub
docker run -p 8000:8000 zie619/n8n-workflows:latest

# Or build locally
docker build -t n8n-workflows .
docker run -p 8000:8000 n8n-workflows
```

| Endpoint | Method | Description |
|---|---|---|
| / | GET | Web interface |
| /api/search | GET | Search workflows |
| /api/stats | GET | Repository statistics |
| /api/workflow/{id} | GET | Get workflow JSON |
| /api/categories | GET | List all categories |
| /api/export | GET | Export workflows |
- Full-text search across names, descriptions, and nodes
- Category filtering (Marketing, Sales, DevOps, etc.)
- Complexity filtering (Low, Medium, High)
- Trigger type filtering (Webhook, Schedule, Manual, etc.)
- Service filtering (365+ integrations)
```mermaid
graph LR
A[User] --> B[Web Interface]
B --> C[FastAPI Server]
C --> D[SQLite FTS5]
D --> E[Workflow Database]
C --> F[Static Files]
F --> G[Workflow JSONs]
```
- Backend: Python, FastAPI, SQLite with FTS5
- Frontend: Vanilla JS, Tailwind CSS
- Database: SQLite with Full-Text Search
- Deployment: Docker, GitHub Actions, GitHub Pages
- Security: Trivy scanning, CORS protection, Input validation
```text
n8n-workflows/
├── workflows/          # 4,343 workflow JSON files
│   └── [category]/     # Organized by integration
├── docs/               # GitHub Pages site
├── src/                # Python source code
├── scripts/            # Utility scripts
├── api_server.py       # FastAPI application
├── run.py              # Server launcher
├── workflow_db.py      # Database manager
└── requirements.txt    # Python dependencies
```
We love contributions! Here's how you can help:
- Report bugs via Issues
- Suggest features in Discussions
- Improve documentation
- Submit workflow fixes
- Star the repository
```bash
# Fork and clone
git clone https://github.com/YOUR_USERNAME/n8n-workflows.git

# Create branch
git checkout -b feature/amazing-feature

# Make changes and test
python run.py --debug

# Commit and push
git add .
git commit -m "feat: add amazing feature"
git push origin feature/amazing-feature

# Open PR
```

- Path traversal protection
- Input validation & sanitization
- CORS protection
- Rate limiting
- Docker security hardening
- Non-root container user
- Regular security scanning
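The first item on that list, path traversal protection, is the one the `/api/workflow/{id}` endpoint depends on most, since it turns a client-supplied id into a file read. The following is an added example of how such a guard can be written; it is not the repository's own `api_server.py` code, and the `<id>.json` naming and the base directory are assumptions for illustration.

```python
import re
from pathlib import Path
from typing import Optional

# Allow-list for client-supplied ids: letters, digits, '_' and '-', with a
# bounded length. Slashes, '..', NUL bytes, absolute paths and empty strings
# are all rejected before any filesystem path is built.
WORKFLOW_ID = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]{0,127}")

def is_safe_workflow_id(workflow_id: str) -> bool:
    """True when the id matches the allow-list exactly (fullmatch, not search)."""
    return WORKFLOW_ID.fullmatch(workflow_id) is not None

def safe_workflow_path(base_dir: str, workflow_id: str) -> Path:
    """Map an id to <base_dir>/<id>.json or raise ValueError.

    Two layers: the lexical allow-list above, then a containment check on the
    resolved path as defence in depth (a symlink inside base_dir that points
    elsewhere fails this second check even though the id looked fine).
    Path.is_relative_to needs Python 3.9+, matching the README's requirement."""
    if not is_safe_workflow_id(workflow_id):
        raise ValueError("invalid workflow id")
    root = Path(base_dir).resolve()
    candidate = (root / f"{workflow_id}.json").resolve()
    if not candidate.is_relative_to(root):
        raise ValueError("workflow id escapes the workflows directory")
    return candidate

def load_workflow_json(base_dir: str, workflow_id: str) -> Optional[str]:
    """Return the workflow file's text, or None when it does not exist.

    A caller maps ValueError to HTTP 400 and None to HTTP 404, so the
    response never reveals whether a path outside base_dir exists."""
    path = safe_workflow_path(base_dir, workflow_id)
    if not path.is_file():
        return None
    return path.read_text(encoding="utf-8")

if __name__ == "__main__":
    # Constructed ids: one valid, two traversal attempts that must be rejected.
    for candidate in ("0001_telegram_bot", "../../etc/passwd", "a/b.json"):
        try:
            print(candidate, "->", safe_workflow_path("./workflows", candidate))
        except ValueError as exc:
            print(candidate, "-> rejected:", exc)
```

The allow-list is the real control; the resolved-path check is there so that a later change (a symlink dropped into `workflows/`, a relaxed regex) still cannot serve files from outside the directory.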
Please report security vulnerabilities to the maintainers via Security Advisory.
This project is licensed under the MIT License - see the LICENSE file for details.
If you find this project helpful, please consider:
Star us on GitHub — it motivates us a lot!
Made with care by Zie619 and contributors
AI-BOM — Discover every AI agent, model, and API hiding in your infrastructure.
Open source by Trusera — Securing the Agentic Service Mesh.