Github secret_scanning_alert Event Notification to Slack & Email
Learn how to listen to the secret_scanning_alert webhook event from Github to trigger a notification workflow in MagicBell.
Event payload
Sample payload for the secret_scanning_alert event.
{
"action": "created",
"alert": {
"created_at": "2025-01-15T11:00:00Z",
"html_url": "https://github.com/acme/project/security/secret-scanning/1",
"locations_url": "https://api.github.com/repos/acme/project/secret-scanning/alerts/1/locations",
"number": 1,
"push_protection_bypassed": false,
"push_protection_bypassed_at": null,
"push_protection_bypassed_by": null,
"resolution": null,
"resolution_comment": null,
"resolved_at": null,
"resolved_by": null,
"secret": "ghp_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"secret_type": "github_personal_access_token",
"secret_type_display_name": "GitHub Personal Access Token",
"state": "open",
"updated_at": "2025-01-15T11:00:00Z",
"url": "https://api.github.com/repos/acme/project/secret-scanning/alerts/1"
},
"organization": {
"avatar_url": "https://avatars.githubusercontent.com/u/111111",
"description": "Building great software",
"id": 111111,
"login": "acme"
},
"repository": {
"default_branch": "main",
"full_name": "acme/project",
"html_url": "https://github.com/acme/project",
"id": 987654321,
"name": "project",
"node_id": "MDEwOlJlcG9zaXRvcnk5ODc2NTQzMjE=",
"owner": {
"avatar_url": "https://avatars.githubusercontent.com/u/111111",
"html_url": "https://github.com/acme",
"id": 111111,
"login": "acme",
"type": "Organization"
},
"private": false,
"visibility": "public"
},
"sender": {
"id": 123456789,
"login": "github-advanced-security[bot]",
"type": "Bot"
}
}Connect Github to MagicBell to receive events and trigger workflows. This guide uses the MagicBell CLI.
Add the Github integration
Save your Github webhook signing secret in MagicBell. See GitHub webhooks.
magicbell integration save_github \
--data '{"webhook_signing_secret":"your_secret_here"}'Copy the ID from the response and use it to build your webhook URL:
https://api.magicbell.com/v2/integrations/github/webhooks/incoming/{id}Setup the webhook
- Setup a webhook in Github with the URL from the last step.
- Select the secret_scanning_alert event.
- If you already have a webhook configured, make sure it includes this event.
Add a workflow
Create a workflow that triggers automatically when Github sends this event. Use liquid templates to access fields in your workflow.
Workflow key
Use this key to trigger the workflow when Github sends a secret_scanning_alert event:
integration.github.secret_scanning_alertFilter by action: GitHub sends the event type in the header and the action in the payload body. Use an if condition to filter for the created action:
"if": "payload.action == 'created'"Example workflow
Urgent notification when secrets are detected in the repository.
{
"key": "integration.github.secret_scanning_alert.created",
"steps": [
{
"command": "broadcast",
"input": {
"action_url": "{{payload.alert.html_url}}",
"content": "A {{payload.alert.secret_type_display_name}} was detected in {{payload.repository.full_name}}. Immediate action required to revoke and rotate this secret.",
"overrides": {
"providers": {
"email": {},
"slack": {}
}
},
"recipients": [
{
"external_id": "security-team"
}
],
"title": "Secret Detected: {{payload.alert.secret_type_display_name}}"
}
}
]
}Save with the CLI
Use the MagicBell CLI to save this workflow to your project. You can also use the Workflows API endpoint instead.
magicbell workflow save \
--data '{"key":"integration.github.secret_scanning_alert.created","steps":[{"command":"broadcast","input":{"action_url":"{{payload.alert.html_url}}","content":"A {{payload.alert.secret_type_display_name}} was detected in {{payload.repository.full_name}}. Immediate action required to revoke and rotate this secret.","overrides":{"providers":{"email":{},"slack":{}}},"recipients":[{"external_id":"security-team"}],"title":"Secret Detected: {{payload.alert.secret_type_display_name}}"}}]}'Test the workflow
Use the Github CLI to trigger test events and verify your workflow executes correctly.
1. Trigger a test event
Use the GitHub CLI to forward webhook events from your repository to MagicBell:
gh webhook forward \
--events=secret_scanning_alert \
--url=https://api.magicbell.com/v2/integrations/github/webhooks/incoming/{id}2. Verify the workflow ran
Check that MagicBell received the event and executed the workflow:
magicbell workflow list_runs --workflow_key integration.github.secret_scanning_alert.created3. Debug issues
If the workflow failed or you need more details, fetch the run to see step-by-step execution:
magicbell workflow fetch_run --run_id {run_id}