Notifications

The notification settings in StepSecurity allow you to receive alerts about critical security events via email, Slack, or Microsoft Teams. These notifications help you stay informed about potential security risks in your workflows.

Configuring Notifications

You can customize notification settings by specifying:

Notification Channels

In StepSecurity we support two integrations for notifications:

Slack

You can set up Slack notifications in one of two ways:

1. Webhook URL:

   Provide your Slack webhook URL. Follow these instructions to create a Slack webhook.

2. OAuth App:

   Configure the Slack App in your Admin Settings to enable OAuth-based notifications.

Follow this interactive demo to see how to setup Slack OAuth App:

Microsoft Teams

To integrate with Microsoft Teams, add a Teams webhook URL. Follow these instructions to create a Teams webhook.

Notification Events

Select the security events for which you want to be notified, such as:

• Outbound traffic is blocked

• Anomalous outbound call is discovered

• Anomalous HTTPS outbound call is discovered

• Source code file is overwritten

• Secrets detected in the build log

• Secrets detected in build artifacts

• Imposter commits are detected

• Suspicious network calls are detected

• Suspicious process events are detected

• Non-compliant artifacts are detected

• Run policy is blocked

File Exclusions

If there are specific files you do not want to trigger notifications (e.g., README.md, package-lock.json), you can list them in the Exempt Files text box. Wildcards (e.g., *.md) are supported.

Saving Your Preferences

• Once you’ve configured the notification settings, click Save to apply your changes.