Slack
Slack Service integration enables Checkmarx One users to notify other team members about completed scans by sending a scan summary report to the corresponding Slack channel.
Scan Events reports include a results summary which presents the number of detected vulnerabilities in the scanned code.
Notice
Reports are only sent for scans in which the specified trigger conditions are met.
In addition, users can receive an SCA New Vulnerability alert when a new vulnerability is identified in a package that is used in their projects.
Notice
For projects with a "primary" branch, notifications are sent for packages used in the last scan of the primary branch. If there is no primary branch, then notifications are based on the last scan of any branch of the project.
Limitations
| Limitation | Notes |
|---|---|
| Container vulnerabilities are not currently supported for Feedback Apps. This may cause a discrepancy between the summary counters shown in Checkmarx One and the ones sent via Feedback App. | Update planned as part of development of the new Container Security scanner |
Creating a New Feedback App
To create a new Slack Feedback App:
In the main navigation, select Integrations > Feedback Apps.
In the Feedback Apps window, hover over the Slack tile and click on the Configuration icon.
The Settings & Trigger Conditions panel is opened on the right side of the screen.
Alternatively, you can create a new Slack Feedback App by performing the following steps:
In the Feedback Apps window, select the Apps tab and click on the Create App button.
In the right side panel, select Slack and click Next.
Settings & Trigger Conditions
The Slack Settings & Trigger Conditions panel contains the basic details for the new Feedback App as well as its trigger conditions.
Configure the following:
Event:
Select the trigger for the alert:
Scan Events - Receive notifications when a scan completes.
SCA New Vulnerability - Receive notifications when a newly discovered SCA vulnerability is detected.
General Settings:
Feedback App Name
Description
Associate Tags - Assign tags to a Feedback App. Tags are very useful for filtering purposes.
Filters:
Notice
If you edit an existing Feedback App and remove a previously selected trigger condition, tickets that were created based on that trigger will be closed automatically.
Severity - The severity level of a vulnerability that triggers the Feedback App.
State - To reduce the number of issues created in Slack, also specify the state(s) that will trigger Feedback App notifications. Possible states are: Confirmed, Urgent, Proposed Not Exploitable (PNE) or To Verify.
Notice
The states mentioned above are pre-configured for all Checkmarx One accounts. In addition, you can create custom states in your account. Once they are created, you can assign those custom states to results. Custom states are currently supported only for SAST results and this feature is only available for accounts that have the New Access Management (Phase 1) activated. For more info see Custom States.
Used together with the severity filter, the state filter makes the trigger condition more precise.
Scan Engines - Select which scan engine results will be reflected through the Feedback App (by default, all licensed scanners are enabled).
If the SCA scanner is selected, there is an option to select the Exploitable Path checkbox so that only SCA vulnerabilities for which an Exploitable Path was identified will trigger a notification.
Click Next.
Credentials
The Slack Credentials panel contains the Slack incoming webhook URL.
If an incoming webhook has not yet been created for the Slack integration, use the link below to create it:
Configure the following:
URL - Slack incoming webhook URL.
Click Test Connection.
Click Save.
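As an added example (not Checkmarx One's own code or API), the following Python script models how the severity, state, scan-engine and Exploitable Path filters configured above decide whether a completed scan produces a notification, and how the resulting per-severity summary is posted to the Slack incoming webhook URL. The result fields, the state and engine identifiers and the message layout are assumptions; only the JSON POST to the webhook is Slack's actual interface.

```python
import json
import os
import urllib.request
from collections import Counter
# Constructed sample results (assumed shape, not real Checkmarx One output).
SAMPLE_RESULTS = [
    {"engine": "sast", "severity": "HIGH", "state": "CONFIRMED", "exploitable_path": None},
    {"engine": "sast", "severity": "MEDIUM", "state": "TO_VERIFY", "exploitable_path": None},
    {"engine": "sca", "severity": "HIGH", "state": "TO_VERIFY", "exploitable_path": True},
    {"engine": "sca", "severity": "CRITICAL", "state": "TO_VERIFY", "exploitable_path": False},
    {"engine": "sast", "severity": "LOW", "state": "PROPOSED_NOT_EXPLOITABLE", "exploitable_path": None},
]

def matching_results(results, severities, states, engines, exploitable_path_only=False):
    """Keep results that pass every filter (severity AND state AND scan engine). With
    exploitable_path_only, an SCA finding counts only if an exploitable path was found."""
    kept = []
    for r in results:
        if r["severity"] not in severities or r["state"] not in states:
            continue
        if r["engine"] not in engines:
            continue
        if exploitable_path_only and r["engine"] == "sca" and not r["exploitable_path"]:
            continue
        kept.append(r)
    return kept

def build_summary(project, scan_id, matched):
    """Slack message with per-severity counters, like the scan summary report."""
    counts = Counter(r["severity"] for r in matched)
    lines = [f"*Checkmarx One scan completed* - project `{project}`, scan `{scan_id}`"]
    for sev in ("CRITICAL", "HIGH", "MEDIUM", "LOW"):
        lines.append(f"{sev.title()}: {counts.get(sev, 0)}")
    return {"text": "\n".join(lines)}

def notify(payload, webhook_url=None):
    """POST the payload to the incoming webhook. The URL lets anyone post into the
    channel, so treat it as a secret: read it from the environment, never commit it."""
    url = webhook_url or os.environ["SLACK_WEBHOOK_URL"]
    req = urllib.request.Request(url, data=json.dumps(payload).encode("utf-8"),
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status  # Slack answers 200 with body "ok"

if __name__ == "__main__":
    hits = matching_results(SAMPLE_RESULTS, {"CRITICAL", "HIGH"},
                            {"CONFIRMED", "URGENT", "TO_VERIFY"}, {"sast", "sca"}, True)
    if hits and os.environ.get("SLACK_WEBHOOK_URL"):  # report only when a trigger matched
        notify(build_summary("demo-app", "scan-0001", hits))
```

Run it with SLACK_WEBHOOK_URL set to send a real message; without it the script only evaluates the filters.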
Viewing Notifications
The following is an example of a notification received from this Feedback App.
