Set up Slack integration

Integrate Endor Labs with Slack and automatically receive policy violations as notifications in your Slack channels. If you are using Slack for team communication and notifications, this integration helps you to seamlessly integrate Endor Labs into your organization’s existing workflows.

1. Create incoming webhooks in Slack
2. Configure Slack integration
3. Associate an action policy with Slack notification
4. Run a scan
5. View findings in Slack

Create incoming webhooks in Slack

Create an incoming webhook to your Slack channel to enable Endor Labs to post notifications in the channel. The Incoming Webhook provides a unique URL to integrate your Slack channel in Endor Labs.

To create incoming webhooks in Slack:

1. Create a Slack app for Endor Labs or use an existing app.
   • Click Create New App.
   • Choose From Scratch and Enter a name for the app, for example, Endor Labs.
   • Select your workspace and click Create App
   • You can enter basic, install, or display information for your Endor Labs app in Slack.
   • In Display Information, you can upload a logo and customize App colours to distinguish the Endor Labs App on the Slack workspace.
   • Click Save Changes.
2. Navigate to Features and select Incoming Webhooks, and toggle Activate Incoming Webhooks.
3. Refresh the page and click Add New Webhook to Workspace.
4. Select a channel in which you want to receive Endor Labs findings in Post to, then select Authorize. If you need to add the incoming webhook to a private channel, you must first be in that channel.
5. From Settings, copy the webhook URL under Webhook URLs for Your Workspace. Keep this URL handy to enter in Endor Labs.

For details on creating incoming webhooks in Slack, see Slack Integration.

Configure Slack Integration

To configure Slack integration, follow these steps:

1. Sign in to Endor Labs and click Integrations from the left sidebar.
2. Navigate to Slack under Notifications and click Add.
3. Click Add Notification Integration.
4. Specify a name and description for this integration.
5. Enter webhook URL copied from Slack in Incoming Webhook.
6. Click Add Notification Integration.

Associate an action policy with a Slack notification

Users can create action policies to send a Slack notification when the conditions of a given policy are met. For example, if there is a critical or high vulnerability, send the findings to Slack.

While creating an action policy, configure the following settings:

• Select Choose an Action as Send Notification.
• From SELECT NOTIFICATION TARGETS, choose the Slack integration notification that you created.
• Choose an Aggregation type for notifications.
  • Choose Project to group and send the findings related to a project in one message. You can see the top 3 findings by their severity level.
  • Choose Dependency to send individual messages for every dependency. You can see the top 3 findings by their severity level.
• From Assign Scope, include the project tags in INCLUSIONS to apply this policy to a project.

See Create an action policy for more details.

Manage Slack notification targets in Endor Labs

You can view and manage the Endor Labs Slack notification targets created for a project.

1. From the sidebar, navigate to Manage > Notifications.
2. Under Notifications, click Manage for Slack. You can view all your created notification targets for Slack.
3. To edit a notification target, click the vertical ellipsis and choose Edit Notification Integration.
4. To delete a notification target, click the vertical ellipsis dots and choose Delete Notification Integration.

Run a scan

Run the endorctl scan on your configured projects. See endorctl scan commands for more information.

View notifications in Slack

View Endor Labs’ findings in Slack and take remedial actions.

• Sign in to Slack and view the notifications on the configured channel.
• You can view the top 3 findings by their severity level. Click View All to see all the findings in Endor Labs.