Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/advanced-security/slack-secret-scanning-notifier-azure-function

Slack notifier for Secret Scanning alerts from GitHub Advanced Security, using a GitHub App and Azure Function
https://github.com/advanced-security/slack-secret-scanning-notifier-azure-function

github-advanced-security secret-scanning slack-bot

Last synced: 10 months ago
JSON representation

Slack notifier for Secret Scanning alerts from GitHub Advanced Security, using a GitHub App and Azure Function

Awesome Lists containing this project

README 

          
# Slack Secret Scanning notifier (Azure Function/GitHub App)



> [!WARNING]

> This is an _unofficial_ tool created by Field Security Specialists, and is not officially supported by GitHub.



This project sends notifications to a **Slack** channel when a secret scanning event happens in [GitHub Advanced Security](https://docs.github.com/en/enterprise-cloud@latest/get-started/learning-about-github/about-github-advanced-security).



> [!NOTE]

> Want the same, but for Teams? 👉 [Teams Secret Scanning notifier](https://github.com/advanced-security/teams-secret-scanning-notifier-azure-function)



It is implemented as an [Azure Function](https://learn.microsoft.com/en-us/azure/azure-functions/), and installed as a [GitHub App](https://docs.github.com/en/apps). It uses a Slack incoming webhook.



It needs you to deploy the function on Azure, and to create a GitHub App and install it on an org or repo.



> [!WARNING]

> This is an _unofficial_ tool created by Field Security Specialists, and is not officially supported by GitHub.



## How it works



The Azure Function is triggered by a GitHub webhook event, via the GitHub App.



The Function notifies a Slack channel via a Slack incoming webhook.



```mermaid

sequenceDiagram

    participant GR as GitHub repo

    participant GA as GitHub App

    participant AF as Azure Function

    participant SC as Slack channel

    GR->>GA: GitHub event

    GA->>AF: Triggers Azure Function

    AF->>SC: Sends message to Slack channel

```



## Requirements



- an Azure account on an Azure subscription

- a GitHub account

- a Slack subscription

- an incoming webhook on a Slack channel



## Settings



You will need to set the Slack webhook URL in the Azure Function's application settings. This is covered in the `INSTALL.md` file.



Before you deploy, you can choose to set a declarative filter to apply to GitHub events you receive in the Azure Functions App. This is in addition to selecting the secret scanning events in the GitHub App.



This is done in the `filter.yml` file, with the format shown in `filter.yml.example` and below:



```yaml

# Path: filter.yml



# filter webhook events by type and payload, declaratively



include:

  secret_scanning_alert:

    action: [created, dismissed, resolved, reopened]



exclude:

  secret_scanning_alert:

    action: reopened

  secret_scanning_alert_location:



```



The corresponding exclude filter for an event name is applied after the include filter.



This example will include any event named `secret_scanning_alert` with an action of `created`, `dismissed`, or `resolved`, `reopened` and will exclude any event named `secret_scanning_alert` with an action of `reopened`. It will also exclude any event named `secret_scanning_alert_location`.



The presence of an include filter here means that excluding `secret_scanning_alert_location` is redundant, as it will never be included in the first place, but it is included to show the syntax.



If you do not want to use a filter, you can delete the `filter.yml` file, or leave it empty.



You do not need to provide both an `include` and `exclude` key.



## Installing



See [INSTALL.md](INSTALL.md) for details.



## License



This project is licensed under the terms of the MIT open source license. Please refer to the [LICENSE](LICENSE) for the full terms.



## Maintainers



See [CODEOWNERS](CODEOWNERS) for the list of maintainers.



## Support



> [!WARNING]

> This is an _unofficial_ tool created by Field Security Specialists, and is not officially supported by GitHub.



See the [SUPPORT](SUPPORT.md) file.



## Security Considerations



Secret scanning events contain sensitive data that is usually only available to users with privileged access on a repository.



If you use this notifier, then anyone with access to the Azure Function's subscription may be able to get access to this data.



Anyone with access to the Slack channel may be able to get access to this data.



## Background



See the [CHANGELOG](CHANGELOG.md), [CONTRIBUTING](CONTRIBUTING.md), [SECURITY](SECURITY.md), [SUPPORT](SUPPORT.md), [CODE OF CONDUCT](CODE_OF_CONDUCT.md) and [PRIVACY](PRIVACY.md) files for more information.