
Add GHAS Alerts to Slack

Open josepalafox opened this issue 3 years ago • 9 comments

Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

User wants to receive GHAS webhook events with the payload for secrets, code-scanning and Dependabot and have it display in chat.

This will allow security teams to get notified of repo-level alerts on repositories that they maybe aren't subscribed to and take remediation steps like rotating a secret or triaging a known security vulnerability.

Describe the solution you'd like
A clear and concise description of what you want to happen.

Webhook alerts for GHAS flow into Team/slack -

https://docs.github.com/en/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#code_scanning_alert

https://docs.github.com/en/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#repository_vulnerability_alert

https://docs.github.com/en/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#secret_scanning_alert

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

We shoot these events into other reporting services, there's no need per se to have them in Chat but some users like to use chatops models more than others so this just supports however teams are structured for security response.

Additional context
Add any other context or screenshots about the feature request here.

josepalafox avatar Feb 07 '22 19:02 josepalafox

+1 from me, if it bumps priority. Q2 FY23 is rather far...

+1, this is a basic ask of most modern security tools; disappointing to see this feature not already available in GHAS.

PierreLiddle avatar May 30 '22 06:05 PierreLiddle

We also need this since there is no other good way to get security alerts.

ozonni avatar Nov 02 '22 18:11 ozonni

+1 to this, specifically to get Dependabot alerts.

JuanJTorres11 avatar Feb 28 '23 21:02 JuanJTorres11

Ability to subscribe to all security notifications would be great.

5UP4F15H avatar May 25 '23 08:05 5UP4F15H

Any news on this feature? Would be great to have those secret detection alerts in Slack.

Ph0xel avatar Oct 13 '23 12:10 Ph0xel

I ended up writing a Bash script to parse and post them directly with an API key. Can share if you like.

On Fri, 13 Oct 2023 at 23:12, Ben @.***> wrote:

Any news on this feature? Would be great to have those secret detection alerts in Slack.


5UP4F15H avatar Oct 13 '23 15:10 5UP4F15H

@5UP4F15H I'd be interested to see it

nachow16 avatar Nov 06 '23 21:11 nachow16

Had that issue as well, got it to work using AWS API GW and Lambda https://github.com/liavar1/GHAStoSlack

liavar1 avatar Dec 26 '23 12:12 liavar1
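
The receive-and-forward pattern discussed in this thread, as an added sketch that is not code from any commenter or from the linked repository: it verifies GitHub's `X-Hub-Signature-256` header before turning one of the three event types named in the request into a Slack incoming-webhook payload. The function names, the sample secret and payload, and the alert field names read from the payload are assumptions; posting the returned JSON to Slack is left to the caller.

```python
import hashlib
import hmac
import json

def verify_signature(secret: bytes, body: bytes, header: str) -> bool:
    """Check GitHub's X-Hub-Signature-256 header against the raw request body."""
    if not header or not header.startswith("sha256="):
        return False
    expected = "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode(), header.encode())

def _summary(event: str, alert: dict) -> str:
    # Field names below are assumptions based on GitHub's documented payloads.
    if event == "code_scanning_alert":
        rule = alert.get("rule", {})
        return f"code scanning [{rule.get('severity', 'unknown')}] {rule.get('description', 'n/a')}"
    if event == "secret_scanning_alert":
        return f"secret scanning: {alert.get('secret_type', 'unknown type')}"
    if event == "repository_vulnerability_alert":
        return f"dependency [{alert.get('severity', 'unknown')}] {alert.get('affected_package_name', 'n/a')}"
    raise ValueError(f"unhandled event: {event}")

def handle_delivery(secret: bytes, headers: dict, body: bytes):
    """Return a Slack incoming-webhook payload, or None if the delivery is rejected."""
    if not verify_signature(secret, body, headers.get("X-Hub-Signature-256", "")):
        return None  # unsigned or tampered: never forward to chat
    payload = json.loads(body)
    alert = payload.get("alert", {})
    try:
        summary = _summary(headers.get("X-GitHub-Event", ""), alert)
    except ValueError:
        return None  # event type this sketch does not cover
    repo = payload.get("repository", {}).get("full_name", "unknown repo")
    link = alert.get("html_url", "")
    return {"text": f"[{payload.get('action', '?')}] {repo}: {summary} {link}".strip()}

# Constructed sample delivery (not a real alert or secret).
SECRET = b"constructed-webhook-secret"
BODY = json.dumps({"action": "created", "repository": {"full_name": "example-org/example-repo"},
                   "alert": {"number": 1, "secret_type": "example_token",
                             "html_url": "https://example.invalid/alerts/1"}}).encode()
HEADERS = {"X-GitHub-Event": "secret_scanning_alert",
           "X-Hub-Signature-256": "sha256=" + hmac.new(SECRET, BODY, hashlib.sha256).hexdigest()}

if __name__ == "__main__":
    print(handle_delivery(SECRET, HEADERS, BODY))
```

The signature must be computed over the raw request bytes, so a gateway that re-serializes the JSON before the handler sees it will make every delivery fail verification.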