{"id":19652678,"url":"https://github.com/advanced-security/teams-secret-scanning-notifier-azure-function","last_synced_at":"2025-04-28T17:30:45.362Z","repository":{"id":227258310,"uuid":"769239628","full_name":"advanced-security/teams-secret-scanning-notifier-azure-function","owner":"advanced-security","description":"Microsoft Teams notifier for Secret Scanning alerts from GitHub Advanced Security, using a GitHub App and Azure Function","archived":false,"fork":false,"pushed_at":"2025-04-24T11:00:59.000Z","size":461,"stargazers_count":6,"open_issues_count":1,"forks_count":1,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-04-24T11:38:16.580Z","etag":null,"topics":["azure-function","github-advanced-security","github-app","microsoft-teams-bot","secret-scanning","security-team"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/advanced-security.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":"SECURITY.md","support":"SUPPORT.md","governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2024-03-08T16:21:47.000Z","updated_at":"2025-04-24T11:00:55.000Z","dependencies_parsed_at":"2024-03-12T12:42:02.930Z","dependency_job_id":"ea238fed-d70a-4908-9681-080cc3ddc49f","html_url":"https://github.com/advanced-security/teams-secret-scanning-notifier-azure-function","commit_stats":null,"previous_names":["advanced-security/teams-secret-scanning-notifier-azure-function"],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/advanced-security%2Fteams-secret-scanning-notifier-azure-function","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/advanced-security%2Fteams-secret-scanning-notifier-azure-function/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/advanced-security%2Fteams-secret-scanning-notifier-azure-function/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/advanced-security%2Fteams-secret-scanning-notifier-azure-function/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/advanced-security","download_url":"https://codeload.github.com/advanced-security/teams-secret-scanning-notifier-azure-function/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":251355239,"owners_count":21576320,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["azure-function","github-advanced-security","github-app","microsoft-teams-bot","secret-scanning","security-team"],"created_at":"2024-11-11T15:11:43.637Z","updated_at":"2025-04-28T17:30:45.078Z","avatar_url":"https://github.com/advanced-security.png","language":"TypeScript","funding_links":[],"categories":["Notifications"],"sub_categories":[],"readme":"# Teams Secret Scanning notifier (Azure Function/GitHub App)\n\n\u003e [!WARNING]\n\u003e This is an _unofficial_ tool created by Field Security Specialists, and is not officially supported by GitHub.\n\nThis project sends notifications to a **Microsoft Teams** channel when a secret scanning event happens in [GitHub Advanced Security](https://docs.github.com/en/enterprise-cloud@latest/get-started/learning-about-github/about-github-advanced-security).\n\nIt is implemented as an [Azure Function](https://learn.microsoft.com/en-us/azure/azure-functions/), and installed as a [GitHub App](https://docs.github.com/en/apps). It uses a Teams incoming webhook.\n\nIt needs you to deploy the function on Azure, and to create a GitHub App and install it on an org or repo.\n\n\u003e [!WARNING]\n\u003e This is an _unofficial_ tool created by Field Security Specialists, and is not officially supported by GitHub.\n\n## How it works\n\nThe Azure Function is triggered by a GitHub webhook event, via the GitHub App.\n\nThe Function notifies a Teams channel via a Teams incoming webhook.\n\n```mermaid\nsequenceDiagram\n    participant GR as GitHub repo\n    participant GA as GitHub App\n    participant AF as Azure Function\n    participant TC as Teams channel\n    GR-\u003e\u003eGA: GitHub event\n    GA-\u003e\u003eAF: Triggers Azure Function\n    AF-\u003e\u003eTC: Sends message to Teams channel\n```\n\n## Requirements\n\n- an Azure account on an Azure subscription\n- a GitHub account\n- a Teams subscription\n- an incoming webhook on a Teams channel\n\n## Settings\n\nYou will need to set the Teams webhook URL in the Azure Function's application settings. This is covered in the `INSTALL.md` file.\n\nBefore you deploy, you can choose to set a declarative filter to apply to GitHub events you receive in the Azure Functions App. This is in addition to selecting the secret scanning events in the GitHub App.\n\nThis is done in the `filter.yml` file, with the format shown in `filter.yml.example` and below:\n\n```yaml\n# Path: filter.yml\n\n# filter webhook events by type and payload, declaratively\n\ninclude:\n  secret_scanning_alert:\n    action: [created, dismissed, resolved, reopened]\n\nexclude:\n  secret_scanning_alert:\n    action: reopened\n  secret_scanning_alert_location:\n\n```\n\nThe corresponding exclude filter for an event name is applied after the include filter.\n\nThis example will include any event named `secret_scanning_alert` with an action of `created`, `dismissed`, or `resolved`, `reopened` and will exclude any event named `secret_scanning_alert` with an action of `reopened`. It will also exclude any event named `secret_scanning_alert_location`.\n\nThe presence of an include filter here means that excluding `secret_scanning_alert_location` is redundant, as it will never be included in the first place, but it is included to show the syntax.\n\nIf you do not want to use a filter, you can delete the `filter.yml` file, or leave it empty.\n\nYou do not need to provide both an `include` and `exclude` key.\n\n## Installing\n\nSee [INSTALL.md](INSTALL.md) for details.\n\n## License\n\nThis project is licensed under the terms of the MIT open source license. Please refer to the [LICENSE](LICENSE) for the full terms.\n\n## Maintainers\n\nSee [CODEOWNERS](CODEOWNERS) for the list of maintainers.\n\n## Support\n\n\u003e [!WARNING]\n\u003e This is an _unofficial_ tool created by Field Security Specialists, and is not officially supported by GitHub.\n\nSee the [SUPPORT](SUPPORT.md) file.\n\n## Security Considerations\n\nSecret scanning events contain sensitive data that is usually only available to users with privileged access on a repository.\n\nIf you use this notifier, then anyone with access to the Azure Function's subscription may be able to get access to this data.\n\nAnyone with access to the Teams channel may be able to get access to this data.\n\n## Background\n\nSee the [CHANGELOG](CHANGELOG.md), [CONTRIBUTING](CONTRIBUTING.md), [SECURITY](SECURITY.md), [SUPPORT](SUPPORT.md), [CODE OF CONDUCT](CODE_OF_CONDUCT.md) and [PRIVACY](PRIVACY.md) files for more information.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fadvanced-security%2Fteams-secret-scanning-notifier-azure-function","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fadvanced-security%2Fteams-secret-scanning-notifier-azure-function","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fadvanced-security%2Fteams-secret-scanning-notifier-azure-function/lists"}