Slack Integration

Get security scan notifications directly in your Slack workspace.

Notification Types

Scan Completed

Get notified when any scan finishes

Critical Vulnerabilities

Immediate alert for critical findings

Grade Changes

Notify when security grade improves or degrades

Scheduled Scan Results

Daily or weekly security summaries

Setup

1. Create a Slack App

Go to api.slack.com/apps and create a new app

2. Enable Incoming Webhooks

In your app settings, go to Features → Incoming Webhooks and toggle it on

3. Add a Webhook to a Channel

Click "Add New Webhook to Workspace" and select your #security channel

4. Copy the Webhook URL

Save the webhook URL securely - you'll use it in your integration

Integration Code

Slack Notification Function

Send formatted scan results to Slack

slack-notification.js
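const axios = require('axios');

// Build a Block Kit message from an MCPSafe scan result and post it to Slack
async function sendSlackNotification(scanResult) {
  const slackWebhookUrl = process.env.SLACK_WEBHOOK_URL;
  if (!slackWebhookUrl) {
    throw new Error('SLACK_WEBHOOK_URL is not set');
  }

  // Attachment color by grade: A green, B yellow, C orange, anything else red
  const color = scanResult.results.grade.startsWith('A') ? '#22c55e' :
                scanResult.results.grade.startsWith('B') ? '#facc15' :
                scanResult.results.grade.startsWith('C') ? '#fb923c' : '#ef4444';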

  const message = {
    attachments: [{
      color: color,
      blocks: [
        {
          type: "header",
          text: {
            type: "plain_text",
            text: "🛡️ MCPSafe Security Scan Complete"
          }
        },
        {
          type: "section",
          fields: [
            {
              type: "mrkdwn",
              text: `*Repository:*\n${scanResult.url}`
            },
            {
              type: "mrkdwn",
              text: `*Security Grade:*\n${scanResult.results.grade} (${scanResult.results.securityScore}/100)`
            }
          ]
        },
        {
          type: "section",
          fields: [
            {
              type: "mrkdwn",
              text: `*Critical:* ${scanResult.results.vulnerabilities.critical}`
            },
            {
              type: "mrkdwn",
              text: `*High:* ${scanResult.results.vulnerabilities.high}`
            },
            {
              type: "mrkdwn",
              text: `*Medium:* ${scanResult.results.vulnerabilities.medium}`
            },
            {
              type: "mrkdwn",
              text: `*Low:* ${scanResult.results.vulnerabilities.low}`
            }
          ]
        },
        {
          type: "actions",
          elements: [
            {
              type: "button",
              text: {
                type: "plain_text",
                text: "View Full Report"
              },
              url: scanResult.reportUrl
            }
          ]
        }
      ]
    }]
  };

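  await axios.post(slackWebhookUrl, message);
}

// Export so webhook-handler.js can require this function
module.exports = { sendSlackNotification };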

Webhook Handler

Connect MCPSafe webhooks to Slack

webhook-handler.js
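// Express.js webhook handler that forwards to Slack
const express = require('express');
// Assumes slack-notification.js exports both helpers;
// sendSlackError is not shown on this page
const { sendSlackNotification, sendSlackError } = require('./slack-notification');

const app = express();

app.post('/webhook/mcpsafe', express.json(), async (req, res) => {
  const event = req.body;

  try {
    if (event.event === 'scan.completed') {
      await sendSlackNotification(event.data);
    }

    if (event.event === 'scan.failed') {
      await sendSlackError(event.data);
    }

    res.status(200).json({ received: true });
  } catch (err) {
    // A failed Slack delivery must not leave the request hanging;
    // log only the message, not the error object, which carries the webhook URL
    console.error('Slack forwarding failed:', err.message);
    res.status(502).json({ received: false });
  }
});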

Message Preview

MCPSafe Security Scan Complete
Repository:
github.com/owner/repo
Security Grade:
B (72/100)
Critical: 0
High: 1
Medium: 2
Low: 3

Best Practices

Use a dedicated channel

Create #security-alerts for scan notifications

Filter by severity

Only notify for critical/high issues to avoid alert fatigue

Include actionable links

Link directly to the full report for quick access

Keep webhook URLs secret

Store webhook URLs in environment variables, never in code. Anyone who has the URL can post to the channel.
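
The "Filter by severity" and "Keep webhook URLs secret" practices as code, plus escaping of payload text before it is placed in mrkdwn fields. This is an added example, not MCPSafe's own code: the helper names `loadWebhookUrl`, `shouldNotify` and `escapeMrkdwn` are hypothetical, and the sample payload is constructed from the fields used in slack-notification.js.

```javascript
// Added example: helper names are hypothetical; the scanResult shape follows
// the fields read by sendSlackNotification on this page.
const SLACK_WEBHOOK_HOST = 'hooks.slack.com'; // host that serves Slack incoming webhooks

// Validate the webhook URL from the environment before any scan data is sent.
// Error messages never echo the URL, so the secret does not reach the logs.
function loadWebhookUrl(env) {
  const raw = env.SLACK_WEBHOOK_URL;
  if (!raw) throw new Error('SLACK_WEBHOOK_URL is not set');
  let parsed;
  try {
    parsed = new URL(raw);
  } catch {
    throw new Error('SLACK_WEBHOOK_URL is not a valid URL');
  }
  if (parsed.protocol !== 'https:' || parsed.hostname !== SLACK_WEBHOOK_HOST) {
    throw new Error('SLACK_WEBHOOK_URL must be an https://hooks.slack.com URL');
  }
  return parsed.toString();
}

// Severity filter: notify only when critical or high findings are present.
// A payload with missing or non-numeric counts still notifies, so a malformed
// result gets looked at instead of being silently dropped.
function shouldNotify(scanResult) {
  const v = scanResult && scanResult.results && scanResult.results.vulnerabilities;
  if (!v) return true;
  const critical = Number(v.critical);
  const high = Number(v.high);
  if (!Number.isInteger(critical) || !Number.isInteger(high)) return true;
  return critical > 0 || high > 0;
}

// Escape the three characters Slack treats as control characters in mrkdwn,
// so payload text such as the repository URL is shown literally.
function escapeMrkdwn(text) {
  return String(text)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

// Constructed sample matching the Message Preview above (0 critical, 1 high).
const sample = { url: 'github.com/owner/repo',
  results: { vulnerabilities: { critical: 0, high: 1, medium: 2, low: 3 } } };
if (shouldNotify(sample)) {
  console.log(`*Repository:*\n${escapeMrkdwn(sample.url)}`);
}
```

Call `loadWebhookUrl(process.env)` once at startup so a misconfigured URL fails the deployment rather than the first alert.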