Slack integration
Deliver scan-completion summaries to Slack as rich messages. Lower friction than a custom webhook β no code to write.
Set up
- In Slack: Add apps β Incoming Webhooks. Pick the destination channel. Copy the webhook URL (starts with
https://hooks.slack.com/services/β¦). - In Pentestas: Settings β Integrations β Slack β paste the webhook URL β Save.
- Pentestas sends a test message (
β Pentestas connected).
Optional: configure per-scheduled-scan Slack channels. A weekly perimeter scan can post to #secops while a payment-flow scan posts to #payments-alerts.
Message format
π¨ Scan complete: https://app.example.com
Findings: 42 total (3 critical, 8 high, 15 medium, 16 low)
[View results](https://app.pentestas.com/scan-detail/...)
Colour:
- Red β any CRITICAL.
- Orange β HIGH but no CRITICAL.
- Green β no HIGH/CRITICAL.
Filtering
Default: one message per completed scan.
Pro+ allows:
- Only alert on new CRITICAL/HIGH β throttle noisy scans.
- Thread under scheduled scan parent message β long-running schedule posts one parent message; each run is a reply in the thread. Keeps channel history clean.
- Custom template β Go template string with
{{.Scan}},{{.Findings}},{{.TopChain}}variables.
Disabling temporarily
Settings β Integrations β Slack β Disable. Webhook URL is kept; re-enable when you want messages to resume.
Security
Slack webhooks are unauthenticated URLs β anyone with the URL can post to the channel. Pentestas stores yours encrypted per-tenant; it's not visible in audit logs beyond the first 8 characters of the path.
See also
- Webhooks β for arbitrary HTTPS endpoints
- Scheduled reports