Integrate with Slack

Integrate StackRox with Slack.

If you are using Slack, you can forward alerts from the StackRox Kubernetes Security Platform to Slack. This guide explains how to integrate the StackRox Kubernetes Security Platform with Slack.

To forward alerts from the StackRox Kubernetes Security Platform to Slack:

  1. Create a new Slack App, enable Incoming Webhooks, and get a Webhook URL. See Configure Slack.
  2. Use the Webhook URL to integrate Slack with the StackRox Kubernetes Security Platform. See Configure the StackRox Kubernetes Security Platform.
  3. Identify policies for which you want to send notifications, and update the notification settings for those policies. See Configure policy notifications.

Alerts in Slack

Configure Slack

  1. Create a new Slack App. Navigate to https://api.slack.com/apps/new. Enter the App Name, choose a Development Slack Workspace to install your app, and then click Create App. Or if you want to use an existing Slack App, go to https://api.slack.com/apps and select an app.
  2. On the settings page, Basic Information section, select Incoming Webhooks (under Add features and functionality).
  3. Turn on the Activate Incoming Webhooks toggle.
  4. Select Add New Webhook to Workspace.
  5. Choose a channel that the app will post to, and then select Authorize. The page refreshes and you’re sent back to your app settings page.
  6. Copy the Webhook URL, under the Webhook URLs for Your Workspace section.

For more details, see the official Slack documentation topic, Getting started with Incoming Webhooks.

Configure the StackRox Kubernetes Security Platform

Create a new integration in the StackRox Kubernetes Security Platform by using the Webhook URL.

  1. Navigate to Platform Configuration > Integrations.
  2. Under the Plugins section, select Slack.
  3. Select the New Integration icon.
  4. Enter a name for Integration Name.
  5. Enter the generated Webhook URL in the Default Slack Webhook box.
  6. Select Test (checkmark icon) to test that the integration with Slack is working.
  7. Select Create (save icon) to create the configuration.

Send alerts to different Slack channels

You can configure the StackRox Kubernetes Security Platform to send notifications to different Slack channels, so that they go directly to the right team. To configure this:

  1. Configure Slack by setting up an incoming webhook for each channel to which you want to send messages.
  2. Add an annotation similar to the following in your deployment YAML file:
    example.com/slack-webhook: https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX
  3. Use the annotation key example.com/slack-webhook in the Label/Annotation Key For Slack Webhook box when you Configure the StackRox Kubernetes Security Platform.

Once configured, if a deployment has the annotation, the StackRox Kubernetes Security Platform sends the alert to the Webhook URL specified in the annotation. Otherwise, it sends the alert to the default Webhook URL.
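
Because the annotation value decides where a deployment's alerts go, it is worth auditing which deployments carry it. The following is an added example, not StackRox code: it reads deployment JSON in the shape of `kubectl get deployments -A -o json` and reports annotation values that are not Slack webhook URLs or are not on an approved list. The approved list, the default URL and the sample deployments are constructed assumptions.

```python
import json
import re
from urllib.parse import urlsplit

ANNOTATION_KEY = "example.com/slack-webhook"  # annotation key from this page
PATH_RE = re.compile(r"^/services/T[A-Z0-9]+/B[A-Z0-9]+/[A-Za-z0-9]+$")

def is_slack_webhook(url):
    """Accept only https://hooks.slack.com/services/T.../B.../... URLs."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    return (parts.scheme == "https" and parts.netloc == "hooks.slack.com"
            and not parts.query and not parts.fragment
            and PATH_RE.match(parts.path) is not None)

def audit(deployment_list, default_url, approved):
    """Return (namespace, name, destination, finding) per deployment."""
    rows = []
    for item in deployment_list.get("items", []):
        meta = item.get("metadata", {})
        url = (meta.get("annotations") or {}).get(ANNOTATION_KEY)
        if url is None:
            dest, finding = default_url, "default"  # no override: default webhook
        elif not is_slack_webhook(url):
            dest, finding = url, "not-a-slack-webhook"
        elif url not in approved:
            dest, finding = url, "unapproved-webhook"
        else:
            dest, finding = url, "ok"
        rows.append((meta.get("namespace"), meta.get("name"), dest, finding))
    return rows

# Constructed sample data; every URL below is a placeholder, not a real webhook.
BASE = "https://hooks.slack.com/services/T00000000/"
DEFAULT_URL = BASE + "B99999999/ZZZZZZZZZZZZZZZZZZZZZZZZ"
APPROVED = {BASE + "B00000000/XXXXXXXXXXXXXXXXXXXXXXXX"}
SAMPLE = json.loads("""{"items": [
 {"metadata": {"namespace": "web", "name": "frontend"}},
 {"metadata": {"namespace": "pay", "name": "api", "annotations":
   {"example.com/slack-webhook": "https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX"}}},
 {"metadata": {"namespace": "dev", "name": "job", "annotations":
   {"example.com/slack-webhook": "https://hooks.slack.com/services/T00000000/B11111111/YYYYYYYYYYYYYYYYYYYYYYYY"}}},
 {"metadata": {"namespace": "dev", "name": "tmp", "annotations":
   {"example.com/slack-webhook": "https://hooks.slack.com.example.net/services/T00000000/B00000000/XXXX"}}}
]}""")

if __name__ == "__main__":
    for ns, name, dest, finding in audit(SAMPLE, DEFAULT_URL, APPROVED):
        if finding not in ("ok", "default"):
            print(f"{ns}/{name}: {finding}")  # URL omitted: it is a credential
```

A Slack webhook URL lets anyone who holds it post to the channel, so the report prints only the deployment and the finding, not the URL.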

Configure policy notifications

  1. Navigate to Platform Configuration > System policies.
  2. Select the check boxes for one or more policies for which you want to send alerts.
  3. Select Enable Notifications or Actions > Enable Notification (depending on the StackRox Kubernetes Security Platform version you are using).
  4. In the Enable Notifications dialog, select the check box for the Slack notifier (same as the Integration Name). If you haven’t configured any other integrations, you’ll see the message No notifiers configured!.
  5. Select Enable.

  • The StackRox Kubernetes Security Platform sends notifications on an opt-in basis. To receive notifications, you must first assign a notifier to the policy.

  • Notifications are only sent once for a given alert. If you have assigned a notifier to a policy, you won’t receive a notification unless a violation generates a new alert. The StackRox Kubernetes Security Platform creates a new alert when:

    • a policy violation occurs for the first time in a deployment, or
    • a runtime-phase policy violation occurs in a deployment after you resolved the previous runtime alert for that policy in that deployment.


© 2021 StackRox Inc. All rights reserved.