Slack

Receive real-time security alerts and findings in Slack.

PrismSec integrates with Slack to send real-time security alerts to your team. Get notified when new vulnerabilities are detected, auto-fix PRs are opened, or critical findings require immediate attention.

Why Use Slack Integration

  • Immediate awareness — Security findings reach your team in seconds
  • Customizable alerts — Choose which severities and events trigger notifications
  • Per-repository routing — Send alerts for different repositories to different channels
  • Actionable links — Slack messages include direct links to findings, PRs, and the dashboard

Setting Up Slack Integration

1. Connect Slack to PrismSec

  1. Log in to the PrismSec dashboard
  2. Go to SettingsIntegrationsSlack
  3. Click Connect Slack
  4. You'll be redirected to Slack to authorize PrismSec
  5. Select the Slack workspace to connect
  6. Click Allow

PrismSec only requests permission to post messages to channels you specify. We never read message history or access private channels without explicit authorization.

2. Choose Channels

After connecting, configure which Slack channels receive alerts:

  1. In the PrismSec dashboard, go to SettingsIntegrationsSlack
  2. Click Add Channel
  3. Select a repository and a Slack channel from the dropdown
  4. Configure notification preferences (see below)
  5. Click Save

You can route alerts for different repositories to different channels:

Example routing:

  • backend-api#backend-security
  • frontend-app#frontend-security
  • infrastructure#devops-alerts

3. Configure Notification Preferences

For each channel, choose which events trigger notifications:

| Event | Description | |-------|-------------| | New Critical Finding | A Critical-severity vulnerability is detected | | New High Finding | A High-severity vulnerability is detected | | New Medium Finding | A Medium-severity vulnerability is detected | | New Low Finding | A Low-severity vulnerability is detected | | Auto-Fix PR Opened | PrismSec opens a fix pull request | | Scan Failed | A scan encounters an error (rare) | | Risk Score Change | Repository risk score increases or decreases significantly |

Recommended settings:

  • For production repositories: Critical and High only
  • For development repositories: All severities
  • For infrastructure repositories: Critical, High, and Auto-Fix PRs

Example Slack Alerts

New Critical Finding

🚨 Critical Finding Detected

Repository: backend-api
Branch: feature/new-endpoint
Finding: SQL Injection in user authentication

File: auth/login.py
Line: 42
Severity: Critical

User input flows directly into a SQL query without sanitization.
An attacker can inject SQL commands to bypass authentication.

View Finding: https://app.prism-sec.com/findings/abc123
View PR: https://github.com/org/backend-api/pull/456

Auto-Fix PR Opened

🔧 Auto-Fix PR Opened

Repository: frontend-app
Finding: Hardcoded Stripe API Key

PrismSec has opened a fix PR that moves the API key to an environment variable.

Review and Merge: https://github.com/org/frontend-app/pull/789

Action Required:
1. Set STRIPE_SECRET_KEY in your environment
2. Rotate the exposed key in your Stripe dashboard

Risk Score Change

📉 Risk Score Improved

Repository: backend-api
Previous Score: 68 / 100
New Score: 82 / 100

5 findings resolved in the last 24 hours.

View Dashboard: https://app.prism-sec.com/repos/backend-api

Customizing Alerts

Filter by Severity

Only receive alerts for Critical and High findings:

  1. Go to SettingsIntegrationsSlack
  2. Edit the channel configuration
  3. Uncheck Medium and Low under notification preferences

Mute Specific Repositories

To temporarily stop alerts for a repository:

  1. Go to SettingsIntegrationsSlack
  2. Find the repository/channel mapping
  3. Click Mute (alerts are paused but the integration remains active)

To resume alerts, click Unmute.

Daily Digest

Instead of real-time alerts, receive a daily summary of findings:

  1. Go to SettingsIntegrationsSlack
  2. Enable Daily Digest mode
  3. Choose a delivery time (e.g., 9:00 AM in your timezone)

The digest includes:

  • New findings from the last 24 hours
  • Auto-fix PRs opened
  • Risk score trends

Daily digests reduce noise while keeping your team informed about security trends.

Thread Replies

PrismSec can post follow-up updates as threaded replies to keep channels organized:

Example thread:

  1. Initial message: "Critical Finding Detected: SQL Injection"
  2. Reply 1: "Auto-fix PR opened: #789"
  3. Reply 2: "Finding resolved: PR #789 merged"

Enable threaded replies:

  1. Go to SettingsIntegrationsSlack
  2. Edit the channel configuration
  3. Enable Use threads for updates

Slack Commands (Optional)

If you install the PrismSec Slack app (in addition to the webhook integration), you can use slash commands:

| Command | Description | |---------|-------------| | /prismsec status | View repository risk scores | | /prismsec findings [repo] | List open findings for a repository | | /prismsec ignore [finding-id] | Mark a finding as ignored (requires justification) | | /prismsec help | Show available commands |

To install the Slack app:

  1. Go to SettingsIntegrationsSlack
  2. Click Install Slack App
  3. Authorize the app in your Slack workspace

Best Practices

  • Route by severity — Send Critical/High findings to high-priority channels (e.g., #security-incidents)
  • Separate dev and prod — Use different channels for development and production repositories
  • Enable auto-fix alerts — Notify teams when auto-fix PRs are ready to review
  • Use daily digests for low-traffic repos — Avoid alert fatigue for repositories with infrequent changes

Troubleshooting

Alerts Not Appearing

  1. Check channel permissions — Ensure PrismSec has been invited to the Slack channel:

    /invite @PrismSec

  2. Verify notification preferences — Ensure the severity levels you want are enabled

  3. Check repository mapping — Confirm the repository is mapped to the correct channel

Too Many Alerts

  1. Filter by severity — Disable Low and Medium alerts
  2. Switch to daily digest — Reduces noise while keeping you informed
  3. Adjust severity thresholds — Use prismsec.yml to reduce Low/Medium findings (see Configuring Scans)

Security and Permissions

PrismSec's Slack integration:

  • Only posts messages to channels you specify
  • Does not read message history or private messages
  • Does not access files or user data
  • Uses OAuth for secure authentication

You can revoke access at any time:

  1. Go to your Slack workspace SettingsManage Apps
  2. Find PrismSec in the list
  3. Click Remove App

Next Steps