Discord Integration
Get BlockSecOps notifications in your Discord server. --- Receive real-time security scan notifications in Discord: - Scan completion alerts with rich embeds -...
Last updated: January 14, 2026
Discord Integration
Get BlockSecOps notifications in your Discord server.
Overview
Receive real-time security scan notifications in Discord:
- Scan completion alerts with rich embeds
- Critical vulnerability notifications
- Color-coded severity indicators
- Direct links to results
Setup
1. Create Discord Webhook
- In Discord, go to your server
- Select the channel for notifications
- Click Edit Channel (gear icon)
- Go to Integrations → Webhooks
- Click New Webhook
- Name it "BlockSecOps" and optionally set an avatar
- Click Copy Webhook URL
2. Add Webhook to BlockSecOps
- Go to Settings → Notification Channels
- Click Add Channel
- Select Discord
- Paste the webhook URL
- Configure notification events
- Click Save
3. Test the Connection
- Click Test next to your Discord channel
- Check Discord for a test notification
- If successful, you're ready to go
Configuration Options
Events
Select which events trigger notifications:
| Event | Description |
|---|---|
scan.completed |
Scan finished successfully |
scan.failed |
Scan encountered an error |
vulnerability.critical |
Critical severity found |
vulnerability.high |
High severity found |
Severity Filter
Only notify above a minimum severity:
| Setting | Notifies On |
|---|---|
| Critical only | Critical |
| High and above | Critical, High |
| Medium and above | Critical, High, Medium |
| All | Critical, High, Medium, Low |
Notification Types
Scan Completed
Discord receives a rich embed:
┌─────────────────────────────────────────────────┐
│ ✅ Scan Completed 🟢 │
├─────────────────────────────────────────────────┤
│ │
│ Contract Token.sol │
│ Status Completed │
│ Duration 45 seconds │
│ │
│ Vulnerabilities │
│ ├─ Critical 0 │
│ ├─ High 2 │
│ ├─ Medium 5 │
│ └─ Low 3 │
│ │
│ Scanners slither, aderyn, mythril │
│ │
│ 🔗 View Results │
├─────────────────────────────────────────────────┤
│ BlockSecOps • Today at 10:30 AM │
└─────────────────────────────────────────────────┘
Critical Vulnerability Found
┌─────────────────────────────────────────────────┐
│ 🚨 Critical Vulnerability Detected 🔴 │
├─────────────────────────────────────────────────┤
│ │
│ Title Reentrancy Vulnerability │
│ Severity Critical │
│ Contract Vault.sol │
│ Location Line 45 │
│ Scanner Slither │
│ │
│ The withdraw function makes an external call │
│ before updating state variables, allowing an │
│ attacker to recursively call back... │
│ │
│ 🔗 View Details │
├─────────────────────────────────────────────────┤
│ BlockSecOps • Today at 10:31 AM │
└─────────────────────────────────────────────────┘
Scan Failed
┌─────────────────────────────────────────────────┐
│ ❌ Scan Failed 🔴 │
├─────────────────────────────────────────────────┤
│ │
│ Contract Vault.sol │
│ Error Compilation failed │
│ │
│ ParserError: Expected ';' but got '}' │
│ at line 23 │
│ │
│ 🔗 View Details │
├─────────────────────────────────────────────────┤
│ BlockSecOps • Today at 10:32 AM │
└─────────────────────────────────────────────────┘
Embed Colors
Discord embeds use color-coded sidebars:
| Severity/Status | Color | Hex |
|---|---|---|
| Critical | Red | #DC3545 |
| High | Orange | #FD7E14 |
| Medium | Yellow | #FFC107 |
| Low | Green | #28A745 |
| Info | Blue | #17A2B8 |
| Success | Green | #28A745 |
| Error | Red | #DC3545 |
Multiple Channels
Different Channels for Different Alerts
Set up multiple Discord webhooks:
#security-alerts (Critical only)
Webhook: https://discord.com/api/webhooks/...
Events: vulnerability.critical
Severity: Critical only
#security-all (All notifications)
Webhook: https://discord.com/api/webhooks/...
Events: scan.completed, scan.failed, vulnerability.critical, vulnerability.high
Severity: All
Project-Specific Channels
Route by project tags:
#defi-security
Filter: Projects tagged "defi"
#nft-security
Filter: Projects tagged "nft"
Webhook URL Management
Finding Your Webhook URL
- Server Settings → Integrations → Webhooks
- Click on your BlockSecOps webhook
- Copy Webhook URL
Regenerating Webhooks
If you need to rotate your webhook:
- Delete the old webhook in Discord
- Create a new webhook
- Update the URL in BlockSecOps
Securing Webhooks
- Webhook URLs are secrets - don't share them publicly
- Don't commit URLs to public repositories
- Use environment variables in automation
Rate Limiting
Discord Webhook Limits
Discord enforces rate limits:
- 30 messages per minute per webhook
- 5 requests per second
BlockSecOps handles this by:
- Queuing messages during rate limits
- Automatic retry with backoff
- Batching rapid notifications
Checking Delivery Status
View delivery history:
Settings → Notification Channels → Delivery History
Shows:
- Successful deliveries
- Failed attempts
- Rate limit events
Bot vs Webhook
Webhooks (What We Use)
- Simple setup - just a URL
- One-way notifications only
- No Discord permissions needed
- Cannot read messages
Discord Bot (Not Supported)
BlockSecOps uses webhooks, not a Discord bot. Benefits:
- No bot invitation required
- No permission management
- Works with any server
Troubleshooting
Not Receiving Notifications
- Verify webhook URL: Check it's not deleted
- Test connection: Use the Test button
- Check channel permissions: Ensure webhook can post
- Check event filters: Ensure events are enabled
Webhook Deleted
If notifications stop working:
- Check if webhook still exists in Discord
- Create a new webhook if needed
- Update URL in BlockSecOps
Embeds Not Displaying
If messages appear as plain text:
- Ensure rich embeds are enabled in your Discord settings
- Check channel permissions allow embed links
- Try a different channel
Rate Limited
If seeing 429 errors:
- Reduce notification frequency
- Increase severity threshold
- Split high-volume projects to different webhooks
Security Considerations
What's Shared
Discord notifications include:
- Contract and scan identifiers
- Vulnerability titles and severities
- File names and line numbers
- Links to BlockSecOps dashboard
Notifications do not include:
- Source code content
- Code snippets
- Detailed vulnerability descriptions (truncated for security)
Webhook URL Security
Treat webhook URLs as secrets:
- Anyone with the URL can post to your channel
- Rotate URLs if exposed
- Use private channels for sensitive notifications
Best Practices
Channel Organization
#blocksecops-critical ← Critical only, @here mentions
#blocksecops-alerts ← High and above
#blocksecops-all ← All notifications (no mentions)
Muting During Development
During heavy development:
- Temporarily raise severity threshold to Critical
- Or disable non-critical events
- Re-enable when ready for production
Team Awareness
Use Discord roles:
- Create a
@securityrole - Mentioned in critical alerts
- Team members can mute/unmute
Comparison with Other Channels
| Feature | Discord | Slack | Teams |
|---|---|---|---|
| Rich embeds | Yes | Block Kit | Adaptive Cards |
| Color coding | Yes | Yes | Yes |
| Interactive buttons | Links only | Full | Limited |
| Rate limits | Moderate | Moderate | Strict |
| Self-hosted | No | No | Yes |
Next Steps
- Slack Integration - Slack notifications
- Microsoft Teams - Teams notifications
- Webhooks - Custom HTTP webhooks