Github Security And Analysis Notification to Slack & Email
Use the Github integration by MagicBell to setup a workflow when security_and_analysis triggers in Github.
Connect Github to MagicBell to receive events and trigger workflows. This guide uses the MagicBell CLI.
Add the Github integration
Save your Github webhook signing secret in MagicBell. See GitHub webhooks.
magicbell integration save_github \
--data '{"webhook_signing_secret":"your_secret_here"}'Copy the ID from the response and use it to build your webhook URL:
https://api.magicbell.com/v2/integrations/github/webhooks/incoming/{id}Setup the webhook
- Setup a webhook in Github with the URL from the last step.
- Select the security_and_analysis event.
- If you already have a webhook configured, make sure it includes this event.
Add a workflow
Create a workflow that triggers automatically when Github sends this event.
Workflow key
Use this key to trigger the workflow when Github sends a security_and_analysis:
integration.github.security_and_analysisExample workflow
Track when security features are enabled or disabled on repositories.
{
"key": "integration.github.security_and_analysis",
"steps": [
{
"command": "broadcast",
"input": {
"action_url": "{{payload.repository.html_url}}/settings/security_analysis",
"content": "{{payload.sender.login}} modified security settings on {{payload.repository.full_name}}. Advanced Security: {{payload.repository.security_and_analysis.advanced_security.status}}",
"overrides": {
"providers": {
"slack": {}
}
},
"recipients": [
{
"external_id": "security-team"
}
],
"title": "Security settings changed on {{payload.repository.name}}"
}
}
]
}Save with the CLI
Use the MagicBell CLI to save this workflow to your project. You can also use the Workflows API endpoint instead.
magicbell workflow save \
--data '{"key":"integration.github.security_and_analysis","steps":[{"command":"broadcast","input":{"action_url":"{{payload.repository.html_url}}/settings/security_analysis","content":"{{payload.sender.login}} modified security settings on {{payload.repository.full_name}}. Advanced Security: {{payload.repository.security_and_analysis.advanced_security.status}}","overrides":{"providers":{"slack":{}}},"recipients":[{"external_id":"security-team"}],"title":"Security settings changed on {{payload.repository.name}}"}}]}'Event payload
Sample payload for the security_and_analysis event. Use liquid templates to access fields in your workflow.
{
"changes": {
"from": {
"security_and_analysis": {
"advanced_security": {
"status": "disabled"
},
"secret_scanning": {
"status": "disabled"
},
"secret_scanning_push_protection": {
"status": "disabled"
}
}
}
},
"organization": {
"avatar_url": "https://avatars.githubusercontent.com/u/111111?v=4",
"description": "Building great software",
"id": 111111,
"login": "acme",
"node_id": "MDEyOk9yZ2FuaXphdGlvbjExMTExMQ==",
"url": "https://api.github.com/orgs/acme"
},
"repository": {
"default_branch": "main",
"full_name": "acme/project",
"html_url": "https://github.com/acme/project",
"id": 987654321,
"name": "project",
"node_id": "MDEwOlJlcG9zaXRvcnk5ODc2NTQzMjE=",
"owner": {
"avatar_url": "https://avatars.githubusercontent.com/u/111111?v=4",
"html_url": "https://github.com/acme",
"id": 111111,
"login": "acme",
"node_id": "MDEyOk9yZ2FuaXphdGlvbjExMTExMQ==",
"type": "Organization"
},
"private": true,
"security_and_analysis": {
"advanced_security": {
"status": "enabled"
},
"secret_scanning": {
"status": "enabled"
},
"secret_scanning_push_protection": {
"status": "enabled"
}
}
},
"sender": {
"avatar_url": "https://avatars.githubusercontent.com/u/234567?v=4",
"html_url": "https://github.com/security-admin",
"id": 234567,
"login": "security-admin",
"node_id": "MDQ6VXNlcjIzNDU2Nw==",
"type": "User"
}
}