Slack

The Slack Service integration enables Checkmarx One users to notify other team members about completed scans by sending a scan summary report to the corresponding Slack channel.

The report includes a results summary that presents the number of vulnerabilities detected in the scanned code.

Notice

Reports are only sent for scans in which the specified trigger conditions are met.

In addition, users can receive alerts when a newly discovered SCA vulnerability is detected in a package that is used in their projects.

Limitations

| Limitation | Notes |
|---|---|
| Container vulnerabilities are not currently supported for Feedback Apps. This may cause a discrepancy between the summary counters shown in Checkmarx One and the ones sent via Feedback App. | Update planned as part of development of the new Container Security scanner. |

Creating a New Feedback App

To create a new Slack Feedback App, click Integrations > Slack.

The Settings & Trigger Conditions panel opens on the right side of the screen.

Alternatively, you can create a new Slack Feedback App by performing the following steps:

  1. Click Integrations > Inventory > Create App.
  2. In the right side panel, select Slack and click Next.

Settings & Trigger Conditions

The Slack Settings & Trigger Conditions panel contains basic details for the new Feedback App, in addition to its trigger conditions.

Configure the following:

  1. Event:

    Select the trigger for the alert:

    • Scan Events - Receive notifications when a scan completes.

    • SCA New Vulnerability - Receive notifications when a newly discovered SCA vulnerability is detected.

  2. General Settings:

    • Feedback App Name

    • Description

    • Associate Tags - Assign tags to a Feedback App. Tags are very useful for filtering purposes.

  3. Trigger Conditions:

    • Severity - The severity level of a vulnerability that triggers the Feedback App.

    • Status (for Scan Events only) - To decrease the number of issues created in Slack, also specify the status of a vulnerability that triggers the Feedback App.

      In conjunction with the severity, this makes the setting more precise.

  4. Click Next.

Credentials

The Slack Credentials panel contains the Slack incoming webhook URL.

If an incoming webhook has not yet been created for the Slack integration, use the following link to create one:

Slack Incoming Webhooks

Configure the following:

  1. URL - Slack incoming webhook URL.

  2. Click Test Connection.

  3. Click Save.

Viewing Notifications

The following is an example of a notification received from this Feedback App.

[Screenshot: example Slack notification]