
Step-by-Step Guide: Integrating Checkmarx with Slack & Microsoft Teams

This guide will help you set up Checkmarx integrations with Slack and Microsoft Teams for real-time vulnerability notifications, task tracking, and compliance reporting.


🔹 Integration with Slack

Step 1: Create a Slack Channel for Security Alerts

  1. Open Slack and go to "Create a Channel".

  2. Name it something like #security-alerts or #checkmarx-scans.

  3. Set the channel to Private if you want to restrict access to security and development teams.

Step 2: Enable Incoming Webhooks in Slack

  1. Go to Slack API Webhooks.

  2. Click "Create an App" → Choose "From Scratch".

  3. Give your app a name (e.g., Checkmarx Notifier) and select your Slack workspace.

  4. Under "Features", enable "Incoming Webhooks".

  5. Click "Add New Webhook to Workspace" and choose the #security-alerts channel.

  6. Copy the Webhook URL provided.

Step 3: Configure Checkmarx to Send Alerts to Slack

  1. Log in to Checkmarx One or CxSAST.

  2. Navigate to "Notifications & Alerts" settings.

  3. Select "Create New Notification" and set conditions for alerts (e.g., high-risk vulnerabilities).

  4. Choose "Webhook" as the notification method.

  5. Paste the Slack Webhook URL.

  6. Customize the message format using JSON:

    {
      "text": "🚨 *Checkmarx Security Alert* 🚨\n*Critical Vulnerability Found!*\n📝 *Repository:* WebApp\n🔍 *Issue:* SQL Injection (CWE-89)\n📍 *File:* login.php, Line 35\n🔗 *View Report:* \n🏷 *Assigned to:* @DeveloperX\n📅 *Due Date:* March 10, 2025"
    }

  7. Save the notification settings and run a test scan.

Result: When a security scan finds an issue, a message like this will appear in Slack:

🚨 Checkmarx Security Alert! 🚨

📝 Repository: WebApp

🔍 Issue: SQL Injection (CWE-89)

📍 File: login.php, Line 35

🔗 View Report: [Checkmarx Dashboard Link]

🏷 Assigned to: @DeveloperX

📅 Due Date: March 10, 2025

🔹 Integration with Microsoft Teams

Step 1: Create a Security Alerts Channel in Teams

  1. Open Microsoft Teams and select "Teams" from the left panel.

  2. Click "Create a Team" or use an existing team.

  3. Within the team, create a new channel named "Security Alerts".

  4. Set the privacy settings based on your organization’s security needs.

Step 2: Enable Incoming Webhooks for Teams

  1. Open Microsoft Teams and go to Apps.

  2. Search for "Incoming Webhook" and click "Add to a Team".

  3. Select the "Security Alerts" channel.

  4. Click "Configure", give the webhook a name (e.g., Checkmarx Alerts), and upload an icon (optional).

  5. Click "Create" and copy the Webhook URL.

Step 3: Configure Checkmarx to Send Alerts to Teams

  1. Log in to Checkmarx One or CxSAST.

  2. Go to "Notifications & Alerts".

  3. Select "Create New Notification" and choose "Webhook" as the alert type.

  4. Paste the Teams Webhook URL.

  5. Use the following JSON format for the Teams message:

    {
      "@type": "MessageCard",
      "@context": "http://schema.org/extensions",
      "themeColor": "FF0000",
      "summary": "Checkmarx Security Alert",
      "sections": [{
        "activityTitle": "🚨 *Checkmarx Security Alert!* 🚨",
        "facts": [
          { "name": "Repository", "value": "WebApp" },
          { "name": "Issue", "value": "SQL Injection (CWE-89)" },
          { "name": "File", "value": "login.php, Line 35" },
          { "name": "Assigned to", "value": "@DeveloperX" },
          { "name": "Due Date", "value": "March 10, 2025" }
        ],
        "markdown": true
      }],
      "potentialAction": [{
        "@type": "OpenUri",
        "name": "View Report",
        "targets": [{ "os": "default", "uri": "https://checkmarx.com/dashboard" }]
      }]
    }

  6. Save and test the webhook.

Result: When Checkmarx finds an issue, a formatted message will appear in Microsoft Teams:

🚨 Checkmarx Security Alert! 🚨

📝 Repository: WebApp

🔍 Issue: SQL Injection (CWE-89)

📍 File: login.php, Line 35

🔗 View Report: [Checkmarx Dashboard Link]

🏷 Assigned to: @DeveloperX

📅 Due Date: March 10, 2025
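
To exercise the Slack and Teams webhooks from the two Step 3 procedures without waiting for a scan, the following added example (not part of the original guide or of Checkmarx) builds both payloads from one finding and posts them. The `FINDING` values, the `checkmarx.example` report URL and the `SLACK_WEBHOOK_URL` / `TEAMS_WEBHOOK_URL` variable names are assumptions made for illustration.

```python
import json
import os
import urllib.request
from urllib.parse import urlparse

# Constructed sample finding using the guide's fields; report_url is a placeholder.
FINDING = {"repository": "WebApp", "issue": "SQL Injection (CWE-89)",
           "file": "login.php, Line 35", "assignee": "@DeveloperX",
           "due": "March 10, 2025",
           "report_url": "https://checkmarx.example/report/1"}

def slack_escape(value):
    # Slack treats &, < and > as control characters; escaping them keeps
    # scanner-supplied text from rendering as mentions or disguised links.
    return str(value).replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")

def slack_payload(f):
    e = {k: slack_escape(v) for k, v in f.items()}
    return {"text": "🚨 *Checkmarx Security Alert* 🚨\n"
                    f"📝 *Repository:* {e['repository']}\n"
                    f"🔍 *Issue:* {e['issue']}\n"
                    f"📍 *File:* {e['file']}\n"
                    f"🔗 *View Report:* {e['report_url']}\n"
                    f"🏷 *Assigned to:* {e['assignee']}\n"
                    f"📅 *Due Date:* {e['due']}"}

def teams_payload(f):
    labels = [("Repository", "repository"), ("Issue", "issue"), ("File", "file"),
              ("Assigned to", "assignee"), ("Due Date", "due")]
    return {"@type": "MessageCard", "@context": "http://schema.org/extensions",
            "themeColor": "FF0000", "summary": "Checkmarx Security Alert",
            "sections": [{
                "activityTitle": "🚨 Checkmarx Security Alert! 🚨",
                "facts": [{"name": n, "value": str(f[k])} for n, k in labels],
                # Unlike the guide's JSON, Markdown is off so values render literally.
                "markdown": False}],
            "potentialAction": [{"@type": "OpenUri", "name": "View Report",
                                 "targets": [{"os": "default", "uri": f["report_url"]}]}]}

def post(env_var, payload):
    # The webhook URL is the only credential, so read it from the environment
    # rather than hard-coding it, and refuse to send it over plain HTTP.
    url = os.environ[env_var]
    if urlparse(url).scheme != "https":
        raise ValueError("webhook URL must use https")
    req = urllib.request.Request(url, data=json.dumps(payload).encode("utf-8"),
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status

if __name__ == "__main__":
    print("Slack:", post("SLACK_WEBHOOK_URL", slack_payload(FINDING)))
    print("Teams:", post("TEAMS_WEBHOOK_URL", teams_payload(FINDING)))
```

Anyone holding a webhook URL can post to the channel, so keep it in a secret store or CI variable and regenerate it if it leaks into a repository or log.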

Additional Enhancements

✅ Automate Workflow Approvals

  • Use Slack Workflow Builder or Power Automate in Teams to create approval workflows.

  • Security leads get notified when vulnerabilities are fixed and can approve directly from Slack/Teams.

✅ Track Issue Resolution with Jira or Azure DevOps

  • Configure Checkmarx to send Jira/Azure DevOps tickets for security issues.

  • Use Slack/Teams integrations for Jira/Azure DevOps to sync security fixes.

✅ Send Weekly Security Reports

  • Automate Checkmarx security reports to post in Slack/Teams every Monday.

  • Example message:

📊 *Weekly Security Report*

🔍 Total Scans: 15

⚠️ High-Risk Vulnerabilities: 3

✅ Resolved: 2 | 🚨 Pending: 1

📝 Audit Log: [Link to Full Report]

Conclusion

By integrating Checkmarx with Slack or Microsoft Teams, organizations can:

  • 🚀 Improve real-time security awareness

  • 🔒 Ensure faster remediation of vulnerabilities

  • ✅ Enhance compliance tracking with automated reports

  • 🔗 Streamline DevSecOps collaboration