Email/Slack Notifications
If you have installed the Harden-Runner GitHub App (mandatory for private repositories, optional for public repositories), you can configure Slack and email notifications to receive important CI/CD runtime events, in addition to seeing them on the Insights page and in the GitHub Actions workflow execution logs.
To minimize alert fatigue, Harden-Runner sends each notification only once. If it detects the same anomalous behavior in future workflow runs, it won't send another notification.
Please note that these notification settings apply to all repositories in the GitHub organization.
How to check if the App is installed?
The quickest way to check whether the Harden-Runner GitHub App is installed is to visit the notification settings page. Click the Notification icon next to the Recommended Policy header on the Insights page.
If the App is not installed, you will see the following message. In that case, install the GitHub App by following the instructions provided on the page.
If the App is installed, you will see the notification settings on the page.
Email Notifications
You can provide an email address on the notification settings page to receive notification emails. Enter your monitoring email address in the Email textbox, choose the appropriate events from the Notification Events section, and click the Save button.
Once the email notification settings are updated, you will receive notification emails from bot@stepsecurity.io. Here is a sample notification email:
Slack Notifications
As with email notifications, you can set up Slack notifications on the notification settings page by providing a Slack Webhook. Please follow these instructions to create a Slack Webhook. Once you have a webhook, update the appropriate notification settings.
Here is a sample Slack notification: