Slack

Bugcrowd integration with Slack allows you to receive actionable bounty notifications immediately. You can configure the Slack integration on Crowdcontrol and enable specific program notifications to be sent as direct messages to a public slack channel, a private slack channel, or a specific Slack user.

Depending on the type of action, each notification provides specific information and additional links to direct you into Crowdcontrol making it easy to view the program, submission, target, or researchers profile (if public).

Setting Up Slack Integration

  1. Go to Settings and click the Integrations tab.

    settings-integration

  2. In Slack, click Add Integration.

    add-integration

  3. Click Add to Slack.

    add-to-slack

  4. From Post to drop-down menu, select the channel or an individual based on your organization’s needs where you want to receive notifications.

    post-to

  5. Click Allow.

    allow

    The Slack application is integrated and the Slack Authorization Successful message is displayed as shown.

    authorization-successful

    If the configured Slack channel is disconnected, the Unable to connect to Slack message is displayed as shown. Click Add to Slack and add the Slack integration again.

    unable-to-connect

Configuring Slack Notifications

You can enable or disable the notifications when a submission:

  • Is created
  • Moves to triaged
  • Moves to Unresolved
  • Moves to Resolved
  • Is rewarded
  • Is commented on by a researcher
  • Has a private note added
  • Has a blocker created/resolved (notification includes blocker details and link to submission)

To enable notification, move the required slider to the right. To disable, move the required slider to the left.

configuring-slack

Reconfiguring Slack Authorization

  1. To reconfigure the slack authorization, click Reconfigure as shown.

    reconfigure-slack

  2. From the Post to drop-down menu, select the channel or an individual based on your organization’s needs where you want to receive notifications.

    select-channel

  3. Click Allow.

    click-allow

    The Slack application is integrated and the Slack Authorization Successful message is displayed as shown.

    slack-integration-success

Enabling or Disabling Integration Status

By default, the integration status is enabled (slider is moved to the right as shown). To disable the integration status, move the slider to the left.

integration-status

When you enable or disable the integration status, the following message is displayed.

integration-updated

Deleting Slack Integration

To delete the Slack integration, click Delete.

delete-integration

A pop-up message is displayed asking for confirmation. Click Delete.

delete-message

The integration is deleted from Bugcrowd and the page where you can revoke authorization is displayed.

delete-configuration-page

Revoking Authorization

To revoke authorization, click the Delete icon for the user as shown.

revoking-authorization

A pop-up message asking for confirmation is displayed. Click Revoke.

click-revoke

The authorization is successfully removed message is displayed as shown.

authorization-removed

Accessing Bugcrowd from the Slack App Store

Bugcrowd is available in the public Slack app store. You can access it directly or by searching at https://slack.com/apps.

Slack Notifications Example

The following message is received in the configured Slack channel when a vulnerability is submitted.

example-new-submission

When our triage team evaluates the submission, the following message is received in the Slack channel when there is a comment on a submission and you can keep up to date on their comments.

example-comment

Onboarding Expand to see sub-pages
Account Management Expand to see sub-pages
Security Program Management Expand to see sub-pages
Engagement Management Expand to see sub-pages
Reporting Expand to see sub-pages
Submission Management Expand to see sub-pages
Integration Management Expand to see sub-pages
Visit bugcrowd.com