Step-by-Step Guide: Integrating Checkmarx with Slack & Microsoft Teams

This guide will help you set up Checkmarx integrations with Slack and Microsoft Teams for real-time vulnerability notifications, task tracking, and compliance reporting.

🔹 Integration with Slack

Step 1: Create a Slack Channel for Security Alerts

1. Open Slack and go to "Create a Channel".

2. Name it something like #security-alerts or #checkmarx-scans.

3. Set the channel to Private if you want to restrict access to security and development teams.

Step 2: Enable Incoming Webhooks in Slack

1. Go to Slack API Webhooks.

2. Click "Create an App" → Choose "From Scratch".

3. Give your app a name (e.g., Checkmarx Notifier) and select your Slack workspace.

4. Under "Features", enable "Incoming Webhooks".

5. Click "Add New Webhook to Workspace" and choose the #security-alerts channel.

6. Copy the Webhook URL provided.

Step 3: Configure Checkmarx to Send Alerts to Slack

1. Log in to Checkmarx One or CxSAST.

2. Navigate to "Notifications & Alerts" settings.

3. Select "Create New Notification" and set conditions for alerts (e.g., high-risk vulnerabilities).

4. Choose "Webhook" as the notification method.

5. Paste the Slack Webhook URL.

6. Customize the message format using JSON:

{

"text": "🚨 *Checkmarx Security Alert* 🚨\n*Critical Vulnerability Found!*\n📝 *Repository:* WebApp\n🔍 *Issue:* SQL Injection (CWE-89)\n📍 *File:* login.php, Line 35\n🔗 *View Report:* \n🏷 *Assigned to:* @DeveloperX\n📅 *Due Date:* March 10, 2025"

}

1. Save the notification settings and run a test scan.

Result: When a security scan finds an issue, a message like this will appear in Slack:

🚨 Checkmarx Security Alert! 🚨

📝 Repository: WebApp

🔍 Issue: SQL Injection (CWE-89)

📍 File: login.php, Line 35

🔗 View Report: [Checkmarx Dashboard Link]

🏷 Assigned to: @DeveloperX

📅 Due Date: March 10, 2025

🔹 Integration with Microsoft Teams

Step 1: Create a Security Alerts Channel in Teams

1. Open Microsoft Teams and select "Teams" from the left panel.

2. Click "Create a Team" or use an existing team.

3. Within the team, create a new channel named "Security Alerts".

4. Set the privacy settings based on your organization’s security needs.

Step 2: Enable Incoming Webhooks for Teams

1. Open Microsoft Teams and go to Apps.

2. Search for "Incoming Webhook" and click "Add to a Team".

3. Select the "Security Alerts" channel.

4. Click "Configure", give the webhook a name (e.g., Checkmarx Alerts), and upload an icon (optional).

5. Click "Create" and copy the Webhook URL.

Step 3: Configure Checkmarx to Send Alerts to Teams

1. Log in to Checkmarx One or CxSAST.

2. Go to "Notifications & Alerts".

3. Select "Create New Notification" and choose "Webhook" as the alert type.

4. Paste the Teams Webhook URL.

5. Use the following JSON format for the Teams message:

{

"@type": "MessageCard",

"@context": "http://schema.org/extensions",

"themeColor": "FF0000",

"summary": "Checkmarx Security Alert",

"sections": [{

"activityTitle": "🚨 *Checkmarx Security Alert!* 🚨",

"facts": [

{ "name": "Repository", "value": "WebApp" },

{ "name": "Issue", "value": "SQL Injection (CWE-89)" },

{ "name": "File", "value": "login.php, Line 35" },

{ "name": "Assigned to", "value": "@DeveloperX" },

{ "name": "Due Date", "value": "March 10, 2025" }

],

"markdown": true

}],

"potentialAction": [{

"@type": "OpenUri",

"name": "View Report",

"targets": [{ "os": "default", "uri": "https://checkmarx.com/dashboard" }]

}]

}

1. Save and test the webhook.

Result: When Checkmarx finds an issue, a formatted message will appear in Microsoft Teams:

🚨 Checkmarx Security Alert! 🚨

📝 Repository: WebApp

🔍 Issue: SQL Injection (CWE-89)

📍 File: login.php, Line 35

🔗 View Report: [Checkmarx Dashboard Link]

🏷 Assigned to: @DeveloperX

📅 Due Date: March 10, 2025

Additional Enhancements

✅ Automate Workflow Approvals

• Use Slack Workflow Builder or Power Automate in Teams to create approval workflows.

• Security leads get notified when vulnerabilities are fixed and can approve directly from Slack/Teams.

✅ Track Issue Resolution with Jira or Azure DevOps

• Configure Checkmarx to send Jira/Azure DevOps tickets for security issues.

• Use Slack/Teams integrations for Jira/Azure DevOps to sync security fixes.

✅ Send Weekly Security Reports

• Automate Checkmarx security reports to post in Slack/Teams every Monday.

• Example message:

📊 *Weekly Security Report*

🔍 Total Scans: 15

⚠️ High-Risk Vulnerabilities: 3

✅ Resolved: 2 | 🚨 Pending: 1

📝 Audit Log: [Link to Full Report]

Conclusion

By integrating Checkmarx with Slack or Microsoft Teams, organizations can:

• 🚀 Improve real-time security awareness

• 🔒 Ensure faster remediation of vulnerabilities

• ✅ Enhance compliance tracking with automated reports

• 🔗 Streamline DevSecOps collaboration