Slack integration

Deliver scan-completion summaries to Slack as rich messages. Lower friction than a custom webhook — no code to write.

Set up

1. In Slack: Add apps → Incoming Webhooks. Pick the destination channel. Copy the webhook URL (starts with https://hooks.slack.com/services/…).
2. In Pentestas: Settings → Integrations → Slack → paste the webhook URL → Save.
3. Pentestas sends a test message (✅ Pentestas connected).

Optional: configure per-scheduled-scan Slack channels. A weekly perimeter scan can post to #secops while a payment-flow scan posts to #payments-alerts.

Message format

🚨 Scan complete: https://app.example.com
 Findings: 42 total (3 critical, 8 high, 15 medium, 16 low)
 [View results](https://app.pentestas.com/scan-detail/...)

Colour:

• Red → any CRITICAL.
• Orange → HIGH but no CRITICAL.
• Green → no HIGH/CRITICAL.

Filtering

Default: one message per completed scan.

Pro+ allows:

• Only alert on new CRITICAL/HIGH — throttle noisy scans.
• Thread under scheduled scan parent message — long-running schedule posts one parent message; each run is a reply in the thread. Keeps channel history clean.
• Custom template — Go template string with {{.Scan}}, {{.Findings}}, {{.TopChain}} variables.

Disabling temporarily

Settings → Integrations → Slack → Disable. Webhook URL is kept; re-enable when you want messages to resume.

Security

Slack webhooks are unauthenticated URLs — anyone with the URL can post to the channel. Pentestas stores yours encrypted per-tenant; it's not visible in audit logs beyond the first 8 characters of the path.

See also

• Webhooks — for arbitrary HTTPS endpoints
• Scheduled reports