Integrate a new Slack source

info

All detectors are supported, with the exception of these 2 generic detectors, in order to limit the risk of false positives:

• Generic High Entropy Secret
• Generic Password

Setting up and configuring this integration is limited to users with an Owner or Manager access level. Slack workspace installation is only open to workspaces under the Business plan. However, you can install and test secret detection in Slack with a 30-day trial. Any secret incidents detected during the trial will remain accessible in your incident dashboard.

GitGuardian integrates natively with Slack via a Slack app that you can install on your public and/or private channels of your Slack workspaces. Note that the GitGuardian Slack app only has read access to your channels.

In case your Slack workspace is configured to restrict installations of apps, you will need Workspace Owner rights in your Slack workspace to set up the integration. You can refer to the Slack documentation for more information on managing Slack apps.

Setup your Slack integration

You can install GitGuardian on multiple Slack workspaces to monitor your public and private channels.

Setup your Slack integration for public channels

1. Make sure you're logged in the Slack workspace you want to install
2. In the GitGuardian platform, navigate to the Sources integration page
3. Click Install next to Slack in the Messaging section
4. Click Install on the Slack integration page
5. Select the Slack workspace you want to add
6. Click Allow to grant the permissions requested by GitGuardian

That's it! Our GitGuardian app is now automatically invited on all your public channels. It will now start monitoring all messages shared on your public channels for secrets.

Extend your Slack integration to private channels

By default, the GitGuardian app only accesses public channels. We do not access private channels without your consent. Optionally, you can authorize the GitGuardian Slack app to integrate and monitor your private channels.

To do so, simply invite our GitGuardian app into the desired private Slack channels:

1. Navigate to the private Slack channel of your choice
2. Go to the Integrations tab of your channel settings
3. Click Add an App
4. Click Add next to the GitGuardian app

That's it! Our GitGuardian app is now invited to your private channel and ready for monitoring.

To remove the Slack app from a private Slack channel:

1. Navigate to the private Slack channel of your choice
2. Go to the Integrations tab of your channel settings
3. Click the GitGuardian app
4. Select Remove this app from #channel
5. Confirm by clicking Remove

That's it! Our GitGuardian app is now removed from your private channel and secret detection is disabled.

Setup Slack for self-hosted GitGuardian

info

We recommend using dedicated workers for Slack. For more detailed information on scaling and configuration, please visit our scaling page.

If you are using a self-hosted GitGuardian instance, you must first configure a dedicated Slack App so that you own the entire data stream. GitGuardian handles it for you programmatically via the Slack manifest. This will ensure that your Slack App is created with all the appropriate rights.

1. Create a Slack app

You are a GitGuardian Manager and you have the right to create a Slack app

1. Navigate to the Slack integration page
2. Click Configure Slack app
   
3. Click Create Slack app
4. Select the Slack workspace on which you will create your new custom Slack app
5. Click Next
6. Click Create
7. Go to Settings > Basic Information > App Credentials section
8. Get your App Credentials (App ID, Client ID, Client Secret, Signing Secret)
   

That's it! Your Slack app has been created and you can now declare your Slack app in the GitGuardian Platform.

You are a GitGuardian Manager and you don't have the right to create a Slack app

If you don't have the right to create a Slack app, please ask your Slack administrator to do it for you. You can easily forward a request with this procedure:

1. Navigate to the Slack integration page
2. Click Configure Slack app
   
3. Click the Send a request to a Slack administrator link to easily forward your request
4. They should in turn provide you with the Slack app credentials to proceed with the rest of the configuration.

You are not a GitGuardian Manager and you received a request to create a Slack app because you have the rights to do so

You received a request to create a new custom Slack app so you can use GitGuardian to scan your Slack workspace for secrets.

1. Go to the Slack App creation page
2. Select the Slack workspace on which you will create your new custom Slack app
3. Click Next
4. Click Edit Configurations
5. Edit the redirect_url and request_url in the manifest to fit with the GitGuardian self-hosted instance URL:
   • redirect_url:
     • replace: https://dashboard.gitguardian.com/api/v1/slack/app/install_callback/
     • with: https://<gitguardian.acme.com>/api/v1/slack/app/install_callback/
   • request_url:
     • replace: https://dashboard.gitguardian.com/api/v1/receiver/slack/
     • with: https://<gitguardian.acme.com>/api/v1/receiver/slack/
6. Click Next
7. Click Create
8. Go to Settings > Basic Information > App Credentials section
9. Return the App Credentials to your requester in the secure way of your choice (App ID, Client ID, Client Secret, Signing Secret)
   

That's it! Your Slack app has been created, and the requester will be able to declare the Slack app configuration in the GitGuardian platform. Thank you for your cooperation!

2. Declare your Slack app in the GitGuardian Platform

1. Paste your Slack app credentials
2. Click Save and close
   

That's it! Your Slack app configuration is ready and you can now setup your Slack integration.

Edit your Slack app configuration

In case you need to edit your Slack app configuration, due to an error when declaring your Slack app credentials or due to a secret rotation, you can do so as follows:

1. Click Edit Slack app
2. Update your Slack app credentials
3. Click Save and close
   

Delete your Slack app configuration

In case you need to delete your Slack app configuration, you can do so as follows:

1. Click Edit Slack app
2. Click Delete configuration
3. Confirm by clicking Delete configuration in the confirmation modal

info

Deleting your Slack app configuration will uninstall all your Slack integrations. However, all your existing incidents detected on Slack will remain available on your dashboard. Note that deleting the Slack app configuration will only delete the configuration, not the Slack app. If you want to delete your Slack app, you must do so from your Slack workspace.

Uninstall your Slack workspace

To uninstall a Slack workspace:

1. In the GitGuardian platform, navigate to the Sources integration page
2. Click Edit next to Slack in the Messaging section
3. Click the bin icon next to the Slack workspace to uninstall
4. Confirm by clicking Uninstall in the confirmation modal

That's it! Your Slack workspace is now uninstalled.

Limitations

• Monitored Perimeter: Customization of the monitored perimeter is not supported. By default, all public channels are monitored and cannot be excluded. Private channels can be included by inviting the GitGuardian Slack app. Historical scans are not triggered automatically when a new channel is added to the monitored perimeter (for example when a private channel is made public or when the GitGuardian Slack app is added to a private channel). You need to manually trigger the historical scans from your GitGuardian workspace.
• Team Perimeter: Customization of a team perimeter with Slack channels is not supported. Users must be in All-incidents team to view and access Slack incidents.
• Direct Messages: Direct messages are not scanned.
• File Attachments: File attachments are not scanned.
• Occurrence Previews: Previews of occurrences are not supported.

Privacy

Country-specific laws and regulations may require you to inform your Slack users that your channels are being scanned for secrets. Here is a suggestion for a message you may want to use:

As part of our internal information security process, the company scans the Slack channels for potential secrets leaks using GitGuardian. All data collected will be processed for the purpose of detecting potential leaks. To find out more about how we manage your personal data and to exercise your rights, please refer to our employee/partner privacy notice. Please note that only channels relating to the company’s activity and business may be monitored and that users shall refrain from sharing personal or sensitive data not relevant to the channel’s purpose.