{"id":31565491,"url":"https://github.com/hcl-tech-software/appscan-slack-integration","last_synced_at":"2026-04-17T04:34:04.949Z","repository":{"id":313375914,"uuid":"1020077978","full_name":"HCL-TECH-SOFTWARE/appscan-slack-integration","owner":"HCL-TECH-SOFTWARE","description":"This application integrates HCL AppScan on Cloud (ASoC) or HCL AppScan 360° with your Slack workspace. It brings real-time security insights and on-demand application summaries directly into your team's chat, helping you integrate security into your development process","archived":false,"fork":false,"pushed_at":"2025-09-05T08:39:44.000Z","size":102,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-10-02T07:29:48.080Z","etag":null,"topics":["appscan","integration","slack","slack-bot"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/HCL-TECH-SOFTWARE.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-07-15T09:58:44.000Z","updated_at":"2025-09-05T08:39:11.000Z","dependencies_parsed_at":"2025-09-05T17:46:57.961Z","dependency_job_id":"457418d5-0730-4d8a-9050-26aff61c216c","html_url":"https://github.com/HCL-TECH-SOFTWARE/appscan-slack-integration","commit_stats":null,"previous_names":["hcl-tech-software/appscan-slack-integration"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/HCL
-TECH-SOFTWARE/appscan-slack-integration","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HCL-TECH-SOFTWARE%2Fappscan-slack-integration","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HCL-TECH-SOFTWARE%2Fappscan-slack-integration/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HCL-TECH-SOFTWARE%2Fappscan-slack-integration/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HCL-TECH-SOFTWARE%2Fappscan-slack-integration/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/HCL-TECH-SOFTWARE","download_url":"https://codeload.github.com/HCL-TECH-SOFTWARE/appscan-slack-integration/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HCL-TECH-SOFTWARE%2Fappscan-slack-integration/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":278420417,"owners_count":25983852,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-05T02:00:06.059Z","response_time":54,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["appscan","integration","slack","slack-bot"],"created_at":"2025-10-05T07:08:23.592Z","updated_at":"2025-10-05T07:08:24.694Z","avatar_url":"https://github.com/HCL-TECH-SOFTWARE.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# **HCL 
AppScan Slack integration**\n\nThis application integrates **HCL AppScan on Cloud (ASoC)** or **HCL AppScan 360°** with your Slack workspace. It brings real-time security insights and on-demand application summaries directly into your team's chat, helping you integrate security into your development process.\n\nThe app runs in **Socket Mode**, which establishes a secure WebSocket connection to Slack. This approach doesn't require you to expose public HTTP endpoints, so you can run it securely behind a corporate firewall.\n\n## **Features**\n\n### **Proactive notifications**\n\n* **Automated scan completion alerts:** Receive an instant alert when a scan for a monitored application is complete.  \n* **Detailed summaries:** Notifications include a rich summary with:  \n  * Application Name and Scan Name  \n  * Scan Technology (DAST, SAST, SCA)  \n  * A full breakdown of issue counts: ⚫ Critical, 🔴 High, 🟠 Medium, 🔵 Low, and ⚪️ Informational.  \n  * Details of the person who initiated the scan (Full Name, Username, Email).  \n  * A timestamp for when the scan was created.  \n  * A **View in AppScan** button that links to the full report.  \n* **Targeted app-to-channel mapping:** You can configure specific applications to send notifications to one or more Slack channels, which ensures the right teams get the right alerts.\n\n### **On-demand slash commands**\n\nAny team member can get real-time security data without leaving Slack.\n\n* /appscan summary \\\u003cApplication Name\\\u003e: Get a comprehensive security overview of a specific application.  \n* /appscan list\\_apps: Display a formatted list of the top 30 applications in your AppScan instance with their current risk rating and total issue counts.  \n* /appscan list\\_scans \\\u003cAppScan\\_Email\\\u003e: List the top 10 scans initiated by a specific user's email address.  \n* /appscan scan\\_summary \\\u003cScan\\_ID\\\u003e: Get a detailed summary for a specific scan by its ID.  
\n* /appscan help: Show a list of all available commands.\n\n### **Security and deployment**\n\n* **Self-hosted model:** You clone, configure, and run the application on your infrastructure, which ensures your credentials and data remain within your control.  \n* **Socket Mode:** Uses a secure WebSocket connection for communication with Slack, so you don't need public endpoints or tools like ngrok.  \n* **Configurable for testing:** Includes an optional flag to allow connections to servers with untrusted SSL/TLS certificates for development or testing.\n\n## **Setup and installation guide**\n\nFollow these steps to set up and run the integration in your environment.\n\n### **Part 1: Prerequisites**\n\nEnsure you have the following software installed:\n\n* Java (JDK) 17 or newer  \n* Maven 3.8 or newer  \n* Git\n\n### **Part 2: Clone the repository**\n\nOpen a terminal and clone the application source code from the official HCL-TECH-SOFTWARE GitHub repository.\n\ngit clone https://github.com/HCL-TECH-SOFTWARE/appscan-slack-integration.git  \ncd appscan-slack-integration\n\n### **Part 3: Create and configure your Slack app**\n\n1. Go to the [Slack API Dashboard](https://api.slack.com/apps) and click **Create New App**.  \n2. Choose the **From a manifest** option.  \n3. Select the workspace where you want to install the app and click **Next**.  \n4. In the Enter manifest below section, select the **JSON** tab and paste the entire content of the slack-manifest.json file from the project.  \n5. Review the manifest details and click **Next**.  \n6. Click **Create** to finish creating the app.\n7. After creating the app, navigate to **Features \\\u003e App Home** in the left sidebar.  \n8. Enable the **Messages Tab** and check the box for **\"Allow users to send Slash commands and messages from the messages tab\"**. 
This will allow users to interact with your bot directly from its \"Messages\" tab.\n\n\n### **Part 4: Generate Slack tokens**\n\nYou need two types of tokens from your new Slack app's dashboard.\n\n**A. Get the app-level token for Socket Mode:**\n\n1. On the left sidebar, go to **Settings** \\-\\\u003e **Basic Information**.  \n2. Scroll down to the **App-Level Tokens** section.  \n3. Click **Generate Token and Scopes**.  \n4. Give the token a name (e.g., appscan-socket-token).  \n5. Click **Add Scope** and select connections:write.  \n6. Click **Generate**.  \n7. Copy the token that starts with **xapp-**.  You will need this for the slack.app.token property. You will need this for the SLACK\\_APP\\_TOKEN environment variable.\n\n**B. Get the bot token for API calls:**\n\n1. On the left sidebar, go to **Settings** \\-\\\u003e **Install App**.  \n2. Click the **Install to Workspace** button.  \n3. Follow the prompts to authorize the app.  \n4. After you authorize the app, you will be redirected to the **OAuth \u0026 Permissions** page.  \n5. Copy the **Bot User OAuth Token**. It will start with **xoxb-**. You will need this for the SLACK\\_BOT\\_TOKEN environment variable.\n\n### **Part 5: Configure the application**\n\nConfiguration is handled through environment variables, which is the most secure method. The application.properties file can be used for non-sensitive settings or for local testing.\n\n#### **A. Set Environment Variables (Recommended \u0026 Secure)**\n\nFor production environments, set the following environment variables. 
This prevents secrets from being saved in your source code.\n\n\\# Slack App Credentials  \n SLACK\\_BOT\\_TOKEN=\"\\\u003cSlack Bot Token\\\u003e\"  \n SLACK\\_SIGNING\\_SECRET=\"\\\u003cSlack Signing Secret\\\u003e\"  \n SLACK\\_APP\\_TOKEN=\"\\\u003cSlack App Token\\\u003e\"\n\n\\# AppScan API Configuration  \n APPSCAN\\_API\\_KEY=\"\\\u003cAppScan API Key\\\u003e\"  \n APPSCAN\\_API\\_SECRET=\"\\\u003cAppScan API Secret\\\u003e\"\n\n#### **B. Configure application.properties**\n\nYou can use this file for non-sensitive configuration or for local testing if you prefer not to set environment variables. **Do not commit secrets in this file to version control.**\n\n1. Open the application.properties file in your editor.  \n     \n2. Enter the placeholder values:  \n\n   \\# AppScan API Configuration  \n   appscan.api.baseurl=\u003cAppScan API Base URL\u003e \n\n  \\# Notification Configuration\n  \\# Map AppScan applications to Slack channels\n  \\# The format is: AppName1:\\#channel-a,\\#channel-b;AppName2:\\#channel-c  \n  \n   appscan.app.channel.mapping=AppName1:\\#channel-a,\\#channel-b;AppName2:\\#channel-c \n  \n  \\# Map AppScan applications to Slack user IDs. The format is: \u003cAppScan Application Name\u003e:\u003cSlack User ID 1\u003e,\u003cSlack User ID 2\u003e. Multiple users can be specified for the same application, separated by commas.\n   \n  appscan.app.user.mapping=Test_App:Slack_MemberID1,Slack_MemberID2;Test:Slack_MemberID3\n\n   \\# Polling Configuration (in milliseconds)  \n   appscan.poller.rate.ms=60000  \n     \n   \\# Testing Configuration  \n   \\# WARNING: Setting this to true bypasses all SSL certificate checks.  \n   \\# Do NOT use in production.  \n   appscan.allowUntrusted=false  \n     \n   \\# Server Port Configuration  \n   server.port=8080\n\n### **Part 6: Build and run the application**\n\n1. Build the app:  \n   Open a terminal in the project's root directory and run:  \n   mvn clean package  \n     \n2. 
Run the app:  \n   Once the build is complete, run the application:  \n   java \\-jar target/appscan-slack-app-0.0.1-SNAPSHOT.jar  \n     \n   The application will start and automatically connect to Slack using Socket Mode. You do not need to use ngrok.\n\n### **Part 7: Add the bot to channels**\n\nThe final step is to invite your bot into the Slack channels where you want to use it or receive notifications. In each relevant channel, type @YourBotName and press **Enter**, then click to invite it.\n\n## **Usage guide**\n\nNote: Application names that contain spaces must be enclosed in double quotes.\n\n* Get an Application Summary:  \n  /appscan summary \"My Web Application\"  \n* List Applications:  \n  /appscan list\\_apps  \n* List Scans Started by a User:  \n  /appscan list\\_scans \"john.doe@example.com\"  \n* Get a Specific Scan's Summary:  \n  /appscan scan\\_summary \"d4a3b2c1-e8f9-1234-abcd-5f6e7d8c9b0a\"  \n* Get Help:  \n  /appscan help\n\n**Troubleshooting**\n\n* **Problem**: The /appscan command returns a \"not found\" error in Slack.  \n  * Solution: Ensure you have successfully installed the app in your workspace from the Settings \\-\\\u003e Install App page in your Slack App's dashboard.\n\n\n* **Problem**: The bot does not respond in a specific channel.  \n  * Solution: You must invite the bot into each channel where you want to use it. Type @YourBotName in the channel and follow the prompt to invite it.\n\n* **Problem**: Notifications are not being received for a monitored application.  \n  * Solution: Double-check that the application name in appscan.monitored.apps and appscan.app.channel.mapping exactly matches the name in AppScan. 
Also, ensure the bot has been invited to the destination channels.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhcl-tech-software%2Fappscan-slack-integration","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhcl-tech-software%2Fappscan-slack-integration","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhcl-tech-software%2Fappscan-slack-integration/lists"}