Skip to main content

Slack

Cimon is able to send a Slack webhook to a desired endpoint whenever a security violation is found in the pipeline. In order to configure the Slack webhook, you will need to provide a Slack webhook endpoint as a parameter to the Cimon agent. This can be done through our custom Github Action by specifying the parameter name slack-webhook-endpoint.

Creating a Slack Webhook

Before configuring Cimon to send a Slack webhook, you must create one in Slack. Here are the steps to create a webhook:

  • Open the Slack workspace where you want to create the webhook.
  • Click on the workspace name in the top left corner and select "Settings & administration".
  • Click on "Manage apps".
  • Click on "Custom Integrations" in the sidebar.
  • Click on "Incoming Webhooks".
  • Click on "Add to Slack".
  • Select the channel where you want the webhook to post messages.
  • Click on "Add Incoming Webhooks integration".
  • Copy the webhook URL.

Configuring Cimon to Send a Slack Webhook

Once you have created a webhook in Slack, you can configure Cimon to send a webhook to that endpoint whenever a security violation is found in the pipeline. The workflow for the Cimon installation looks like this:

  • Open the Github repository where you want to configure Cimon.
  • Modify the workflow in which you add or modify the current Cimon installation.
  • Set up Cimon as follows:
steps:
  - uses: cycodelabs/cimon-action@v0
    with:
      client-id: ${{ secrets.CIMON_CLIENT_ID }}
      secret: ${{ secrets.CIMON_SECRET }}
      ...
      slack-webhook-endpoint: ${{ secrets.SLACK_WEBHOOK_ENDPOINT }}
  • Replace ${{ secrets.SLACK_WEBHOOK_ENDPOINT }} with the secret name containing your Slack webhook endpoint.