Slack Integration

Get BlockSecOps notifications directly in your Slack workspace.

Overview

Receive real-time security scan notifications in Slack:

• Scan completion alerts with vulnerability counts
• Critical vulnerability notifications
• Beautiful Block Kit formatting with action buttons

---

Quick Setup (Webhook)

The fastest way to get Slack notifications:

1. Create a Slack Webhook

1. Go to Slack API Apps
2. Click Create New App → From scratch
3. Name your app (e.g., "BlockSecOps Alerts")
4. Select your workspace
5. Click Create App

2. Enable Incoming Webhooks

1. In the left sidebar, click Incoming Webhooks
2. Toggle Activate Incoming Webhooks to On
3. Click Add New Webhook to Workspace
4. Select the channel for notifications (e.g., #security-alerts)
5. Click Allow
6. Copy the webhook URL

3. Add to BlockSecOps

1. Go to Admin → Notifications in the BlockSecOps dashboard
2. Click Add Channel
3. Select Slack as channel type
4. Paste your webhook URL
5. Select events to subscribe to:
   • scan.completed - When scans finish
   • vulnerability.critical - Critical findings
   • scan.failed - Scan errors
6. Click Create Channel
7. Click Test to verify the connection

Webhook URL Format

https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX

---

Notification Format

BlockSecOps uses Slack Block Kit for rich, actionable notifications:

Scan Completed

Scan Completed

Contract: Token.sol
Scan ID: abc123

Vulnerabilities Found:
• Critical: 0
• High: 2
• Medium: 5
• Low: 3

[View Results]

Critical Vulnerability

Critical Vulnerability Found

Contract: Token.sol
Severity: Critical
Scanner: Slither

Reentrancy vulnerability detected in withdraw function...

[View Details]

---

Channel Configuration

Default Channel

Set a default channel for all notifications:

1. Go to Settings → Integrations → Slack
2. Select Default Channel
3. Choose from your Slack channels
4. Save

Project-Specific Channels

Route notifications to different channels per project:

1. Go to Projects → Select project → Settings
2. Under Notifications, select Slack Channel
3. Choose the channel for this project
4. Save

---

Notification Types

Scan Completed

✅ Scan Completed: Token.sol

Summary:
• Critical: 0
• High: 2
• Medium: 5
• Low: 3

Duration: 45 seconds
Scanner: Standard preset

[View Results] [View Contract]

Critical Vulnerability Found

🚨 Critical Vulnerability Detected

Title: Reentrancy Vulnerability
Contract: Token.sol
Line: 45
Scanner: Slither
Risk Score: 95

The withdraw function is vulnerable to reentrancy...

[View Details] [Assign to Me]

Scan Failed

❌ Scan Failed: Vault.sol

Error: Compilation failed
Details: ParserError at line 23...

[View Details] [Retry Scan]

Daily Summary

📊 Daily Security Summary - Jan 15, 2025

Scans: 12 completed, 1 failed
New vulnerabilities: 23

By Severity:
• Critical: 0
• High: 4
• Medium: 12
• Low: 7

Top Issues:
1. Missing Access Control (3)
2. Unchecked Return Values (2)
3. Reentrancy Risk (2)

[View Dashboard]

---

Slash Commands

After integration, use Slack commands:

/blocksecops scan

Start a quick scan:

/blocksecops scan <contract-name>

/blocksecops status

Check recent scan status:

/blocksecops status

/blocksecops summary

Get vulnerability summary:

/blocksecops summary [project-name]

---

Interactive Messages

Slack messages include interactive buttons:

View Results

Opens scan results in browser.

Assign to Me

Assigns vulnerability to you.

Mark False Positive

Marks finding as false positive (with confirmation).

Retry Scan

Starts a new scan with same settings.

---

Mentions and Alerts

User Mentions

When vulnerabilities are assigned:

@john.doe has been assigned a critical vulnerability:

Title: Integer Overflow
Contract: Calculator.sol

[View Details]

Channel Alerts

Configure urgent notifications to alert channel:

<!channel> 🚨 Multiple critical vulnerabilities detected in production contracts!

3 critical findings require immediate attention.

[View All]

---

Filtering Notifications

By Severity

Only receive notifications above a threshold:

1. Go to Settings → Integrations → Slack
2. Set Minimum Severity: Critical, High, Medium, or Low
3. Save

By Project

Mute notifications for specific projects:

1. Go to Projects → Select project → Settings
2. Under Notifications, toggle Slack Notifications off
3. Save

By Scanner

Filter notifications by scanner:

1. Go to Settings → Integrations → Slack
2. Under Scanner Filter, select scanners
3. Only findings from selected scanners trigger notifications

---

Scheduled Reports

Daily Digest

Receive a daily summary at a specific time:

1. Go to Settings → Integrations → Slack
2. Enable Daily Digest
3. Set time (e.g., 9:00 AM)
4. Select channel
5. Save

Weekly Report

Get a comprehensive weekly report:

1. Enable Weekly Report
2. Select day (e.g., Monday)
3. Set time
4. Select channel
5. Save

---

Multi-Workspace Support

Enterprise plans support multiple Slack workspaces:

1. Go to Settings → Integrations → Slack
2. Click Add Workspace
3. Connect additional workspace
4. Configure routing rules

Routing Rules

Route notifications based on:

• Project tags
• Team membership
• Severity level
• Scanner type

---

Troubleshooting

Not Receiving Notifications

1. Check Slack connection: Settings → Integrations → Slack status
2. Verify channel: Ensure bot is in the channel
3. Check filters: Review severity and project filters
4. Bot permissions: Re-authorize if needed

Messages Not Posting

1. Ensure BlockSecOps bot is added to channel
2. Check channel isn't archived
3. Verify workspace permissions

Interactive Buttons Not Working

1. Clear Slack cache
2. Re-authorize integration
3. Check browser popup blockers

---

Disconnecting Slack

To remove Slack integration:

1. Go to Settings → Integrations → Slack
2. Click Disconnect
3. Confirm removal

This stops all Slack notifications. You can reconnect anytime.

---

Security

Permissions Used

BlockSecOps requests minimal Slack permissions:

• Post to channels
• Read channel list
• Respond to slash commands

Data Shared

Notifications include:

• Contract names
• Vulnerability titles and severities
• Scan status
• Links to BlockSecOps (no source code)

---

Next Steps

• Email Notifications - Email alerts
• Webhooks - Custom integrations
• Teams - Team notifications