Skip to main content

Integrate a new Slack source

GitGuardian natively integrates with Slack via the GitGuardian or GitGuardian EU application on Slack Marketplace that you can install on your public and/or private channels of your Slack workspaces. The GitGuardian app for Slack will only have read access to your channels. You may have a look at the Privacy section for more details.

info

Plan requirements: Available for GitGuardian Business and Enterprise plans. Try it for free with a 30-day trial - any detected incidents remain accessible after the trial ends.

Detector coverage: To minimize false positives, the Generic High Entropy Secret and Generic Password are disabled. All other detectors are enabled.

In case your Slack workspace is configured to restrict installations of apps, you will need Workspace Owner permissions to fulfil the integration on your Slack workspace. You can refer to the Slack documentation for more information on managing apps.

Setup GitGuardian for Slack Integration on GitGuardian SaaS

You can install GitGuardian on multiple Slack workspaces to start monitoring for secret leaks.

  1. Make sure you're logged in to the Slack workspace you want to install
  2. On the GitGuardian platform, navigate to the Sources integration page
  3. Click Install next to Slack in the Messaging section

    Slack install
  4. Click Install on the Slack integration page
  5. Select the Slack workspace you want to add
  6. Click Allow to grant the permissions requested by GitGuardian

    Slack permissions

That's it! Our GitGuardian app is now automatically joining all your public channels and will monitor new messages in these channels. You can also invite the GitGuardian app to private channels to monitor these channels as well.

Setup GitGuardian for Slack Integration on self-hosted GitGuardian

info

We recommend using dedicated workers for this integration. For more detailed information on scaling and configuration, please visit our scaling page.

If you are using a self-hosted GitGuardian instance, you must first create and configure a dedicated App on your Slack workspace so that you own the entire data stream. GitGuardian handles it for you programmatically via the creation of your app with a manifest file. This will ensure that your app is appropriately created, with all the necessary permissions.

Permissions requested

No action needed on your side, the app will automatically request the following Bot Token Scopes: channels:history, channels:join, channels:read, groups:history, groups:read, team:read, users:read, users:read.email

1. Create an app on your Slack workspace

If you are a GitGuardian Manager and you have the permissions to create an app on your Slack workspace

  1. Navigate to the Slack integration page
  2. Click Configure app on Slack Marketplace from your GitGuardian dashboard configure
  3. Click Create app on your Slack workspace from the modal
    This will automatically redirect you to your Slack workspace applications, with a dialog modal opened

    drawing
  4. Select the Slack workspace you would like to monitor with GitGuardian
  5. Click Next
  6. You may review details, scopes and configurations set for the app on Slack Marketplace

    drawing
  7. Click Create
  8. Go to Settings > Basic Information > App Credentials section
  9. Get your App Credentials (App ID, Client ID, Client Secret, Signing Secret) that will be required for the pairing of the app with your GitGuardian workspace

    App creation

That's it! Your app on Slack Marketplace has been created and you can now pair your app on Slack Marketplace with your GitGuardian Platform.

If you are a GitGuardian Manager but you don't have the permissions to create an app on Slack Marketplace

If you don't have the right to create an app on your Slack workspace, please ask your Slack administrator to do it for you. You can easily forward a request with this procedure:

  1. Navigate to the Slack integration page
  2. Click Configure app on your Slack workspace

    App configuration
  3. Click the Send a request to a Slack administrator link to easily forward your request
  4. They should in turn provide you with the credentials to proceed with the pairing of the app on your Slack workspace with your GitGuardian Platform.

If you are not a GitGuardian Manager but you received a request to create an app on your Slack Workspace

You received a request to create a new an app on your Slack Workspace so you can use GitGuardian to scan your Slack workspace for secrets.

  1. Go to the App creation page
  2. Select the Slack workspace on which you will create a new app on your Slack Workspace
  3. Click Next
  4. Click Edit Configurations
  5. Edit the redirect_url and request_url in the manifest to fit with the GitGuardian self-hosted instance URL:
    • redirect_url:
      • replace: https://dashboard.gitguardian.com/api/v1/slack/app/install_callback/
      • with: https://<gitguardian.acme.com>/api/v1/slack/app/install_callback/
    • request_url:
      • replace: https://dashboard.gitguardian.com/api/v1/receiver/slack/
      • with: https://<gitguardian.acme.com>/api/v1/receiver/slack/ App manifest
  6. Click Next
  7. Click Create
  8. Go to Settings > Basic Information > App Credentials section
  9. Return the App Credentials to your requester in the secure way of your choice (App ID, Client ID, Client Secret, Signing Secret)

    App credentials source

That's it! Your app has been created, and the requester will be able to declare its configuration in the GitGuardian platform.

info

The Historical Scan feature for Slack workspaces can be affected by Slack API rate limits on *:history scopes. Please contact your Slack Account Manager for more information.

2. Pair the app on your Slack Workspace with your GitGuardian Platform

  1. Fill-in the Slack configuration modal opened from your GitGuardian dashboard, with your app credentials (App ID, Client ID, Client Secret, Signing Secret)

    App credentials
  2. Click Save and close

Your app is now paired, you now need to finish the installation to start covering your channels.

3. Finish the installation

You can install GitGuardian on multiple Slack workspaces to start monitoring for secret leaks.

  1. Make sure you're logged in to the Slack workspace you want to install
  2. On the GitGuardian platform, navigate to the Sources integration page
  3. Click Install next to Slack in the Messaging section

    Slack install
  4. Click Install on the Slack integration page
  5. Select the Slack workspace you want to add
  6. Click Allow to grant the permissions requested by GitGuardian

    Slack permissions

That's it! Our GitGuardian app is now automatically joining all your public channels and will monitor new messages in these channels. You can also invite the GitGuardian app to private channels to monitor these channels as well.

Extend your coverage to private channels

info

By default, GitGuardian only scans public channels. We do not access private channels without your consent.

You can also monitor your private channels with the Slack integration. To do so, simply invite our GitGuardian app into the desired private Slack channels:

  1. Navigate to the private Slack channel of your choice
  2. Go to the Integrations tab of your channel settings
  3. Click Add an App
  4. Click Add next to the GitGuardian app App addition

That's it! Our GitGuardian app is now invited to your private channel and ready for monitoring.

To remove the GitGuardian app from a private Slack channel:

  1. Navigate to the private Slack channel of your choice
  2. Go to the Integrations tab of your channel settings
  3. Click the GitGuardian app
  4. Select Remove this app from #channel
  5. Confirm by clicking Remove App removal

That's it! Our GitGuardian app is now removed from your private channel and secret detection is disabled.

Edit the GitGuardian app on your Slack workspace configuration

In case you need to edit the GitGuardian app on your Slack workspace configuration, due to an error when declaring your credentials or due to a secret rotation, you can do so as follows:

  1. Click Edit app
  2. Update your app credentials
  3. Click Save and close


    App configuration edit

Delete your GitGuardian app on your Slack workspace configuration

In case you need to delete your GitGuardian app on your Slack workspace configuration, you can do so as follows:

  1. Click Edit app
  2. Click Delete configuration
  3. Confirm by clicking Delete configuration in the confirmation modal
info

Deleting your GitGuardian app on your Slack workspace configuration will uninstall all your Slack integrations. However, all your existing incidents detected on Slack will remain available on your dashboard. Note that deleting the GitGuardian app on your Slack workspace configuration will only delete the configuration, not the app. If you want to delete your GitGuardian app on your Slack workspace, you must do so from your Slack workspace.

Uninstall your Slack workspace from GitGuardian Platform

To uninstall a Slack workspace:

  1. In the GitGuardian platform, navigate to the Sources integration page
  2. Click Edit next to Slack in the Messaging section
  3. Click the bin icon next to the Slack workspace to uninstall
  4. Confirm by clicking Uninstall in the confirmation modal

    Slack uninstall

That's it! Your Slack workspace is now uninstalled from GitGuardian Platform.

Limitations

  • Monitored Perimeter: Customization of the monitored perimeter is not supported. By default, all public channels are monitored and cannot be excluded. Private channels can be included by inviting the GitGuardian app for Slack. Historical scans are not triggered automatically when a new channel is added to the monitored perimeter (for example when a private channel is made public or when the GitGuardian app for Slack is added to a private channel). You need to manually trigger the historical scans from your GitGuardian workspace.
  • Team Perimeter: Customization of a team perimeter with Slack channels is not supported. Users must be in All-incidents team to view and access incidents detected on your Slack workspace.
  • Direct Messages: Direct messages are not scanned.
  • File Attachments: File attachments are not scanned.
  • Occurrence Previews: Previews of occurrences are not supported.

Privacy

The GitGuardian app for Slack will only have read access to your channels. The permissions used by our applications are listed on the corresponding Slack Marketplace pages, on the Configuration tab:

Country-specific laws and regulations may require you to inform your Slack users that your channels are being scanned for secrets. Here is a suggestion for a message you may want to use:

As part of our internal information security process, the company scans the Slack channels for potential secrets leaks using GitGuardian. All data collected will be processed for the purpose of detecting potential leaks. To find out more about how we manage your personal data and to exercise your rights, please refer to our employee/partner privacy notice. Please note that only channels relating to the company’s activity and business may be monitored and that users shall refrain from sharing personal or sensitive data not relevant to the channel’s purpose.