Skip to main content

Actionable and aggregated Slack notifications

Written by:
Anna Debenham

Anna Debenham

wordpress-sync/Actionable-and-aggregated-Slack-notifications-small

August 23, 2018

0 mins read

We are very conscious of our responsibility to keep customers informed about new security vulnerabilities while ensuring that we don’t desensitise them to our alerts by sending too many. The first version of our Slack integration worked well when the number of issues being raised was relatively small, but as our language support, detection depth and vulnerability database has expanded, the number of notifications we send out has also increased. It’s also vital that we provide a clear and fast way to fix the growing number of issues.

Here’s a screenshot of what our Slack notifications used to look like:

blog/slack-integration/slack-notification-v1

We’d send an individual alert for each project. If the same vulnerability was found in multiple projects, multiple notifications would be sent.

There were a few other things we wanted to improve, such as making the remediation action clearer, and aggregating the advice where possible.

Here’s a screenshot of the same notification run with the new and improved setup:

Rather than send separate Slack notifications for each vulnerability in each project, we’ve combined all the projects that have the same vulnerability into one notification. The remediation action is a lot clearer, there is a lot less repetition, and it’s also easier to scan.

After a few weeks of dogfooding and beta testing these new style Slack notifications with customers, we’ve now rolled this out to all our users. If you haven’t already tried out our Slack integration, do give it a go! It’s available on all our plans!

We really hope you find these new-style notifications useful. As always, feedback is welcome, so let us know what you think.

wordpress-sync/Actionable-and-aggregated-Slack-notifications-small

How to Build a Security Champions Program

Snyk interviewed 20+ security leaders who have successfully and unsuccessfully built security champions programs. Check out this playbook to learn how to run an effective developer-focused security champions program.