With the Slack integration, your team can stay up to date on HackerOne report activities without leaving Slack. Activities such as report triaged, bounty paid, and new comments added will trigger notifications in your selected channel. You can customize which activities you want to be notified about in which channels so that teams can only see what’s relevant to them.
This integration is only available to HackerOne Response, HackerOne Bounty Pro/Enterprise, HackerOne Challenge, and HackerOne Pentest customers. For more details please see product editions.
Existing users of the Slack integration will also need to navigate to Settings > Program > Integrations > Slack to enable the new settings.
Setup
To set up your Slack integration:
Go to Program Settings > Program > Integrations.
Click the Connect with Slack link.
Click Authenticate with Slack.
You'll be redirected to a Slack authorization screen where you'll be asked to grant HackerOne permissions to access your team. Note: If you have multiple Slack teams, select the one you want HackerOne to post to.
Click Authorize and you'll be redirected back to HackerOne to continue the setup of your Slack notifications.
Note: the following privileges are necessary for HackerOne to successfully set up Slack Integration:Access information about your public channels is needed to allow the admin configuring the integration to see all your current Slack channels which they can assign notifications towards.
View email addresses of people on your team is needed to set up username mapping between H1 and Slack for proper mentions.
Access your team's profile information is a standard permission for all Slack integrations. At this time, we don't have a way to reduce permissions if customers don't want to use all of these features.
Check out the FAQ section at the bottom of this page to understand why HackerOne needs access to so many permissions.
Add Notification Configuration for Slack
You can configure specific HackerOne activities you'd like to receive Slack notifications for.
To set up your notification configuration:
Go to your Slack integration settings in Program Settings > Program > Integrations.
Click Create your first Notification Configuration.
Select the public channel to post to in the Post to Channel field.
(Optional) Select I want to use a private channel to post your notification to a private channel, and manually type in the name of the private channel.
Select the specific activities you want to send to the channel. You can choose these options from the following categories and click Save.
Category | Options |
Report life cycle | You can select to receive notifications for various report actions such as Report was submitted and Report was triaged. |
Awards |
|
Disclosure |
|
Misc |
|
All of your selected notifications now be posted to your selected channel on Slack. To configure posting notifications to other channels, click Add Notification Configuration and follow steps 3-5 again.
Mapping Usernames
After configuring channel notifications, you have the option to map HackerOne usernames to Slack usernames. It's important to establish a link between these two usernames because when someone mentions your username in HackerOne, you’ll be notified just as if someone mentioned your username natively in Slack. This will ensure that you're appropriately notified in Slack to pay attention to the most critical HackerOne notifications when your username is mentioned specifically for a follow-up comment or action.
To map usernames in your Slack settings:
Go to the Slack Usernames section.
Type the Slack username associated with the corresponding HackerOne user in the Slack Username field.
Select the user from the dropdown.
Click Save.
Disconnecting Slack Integration
To disconnect your Slack integration, go to Settings > Program > Integrations > Slack and click Disconnect in your Slack settings.
FAQs
Q: Why must I authorize HackerOne access to so many permissions for my Slack integration?
A: We know it’s concerning that you have to give HackerOne access to information about your public channels, the email addresses of people on your team, and access to your team’s profile information. Keep in mind that we require these permissions because we’re using the following Slack methods for integration:
Method | Description |
mapping Slack users with HackerOne users | |
autocompleting channel chooser during setup and getting the current status of the channel (if it's still valid) | |
posting notifications to the chosen Slack channel |
Using these methods, we're able to request the following scopes:
Scope | Description |
for channels.list | |
for chat.postMessage | |
for users.list |
Due to limitations with the API, we can’t filter information from the scopes, so we need access to all permissions to successfully integrate with Slack.