This guide will help you set up Checkmarx integrations with Slack and Microsoft Teams for real-time vulnerability notifications, task tracking, and compliance reporting.
Open Slack and go to "Create a Channel".
Name it something like #security-alerts or #checkmarx-scans.
Set the channel to Private if you want to restrict access to security and development teams.
Go to Slack API Webhooks.
Click "Create an App" → Choose "From Scratch".
Give your app a name (e.g., Checkmarx Notifier) and select your Slack workspace.
Under "Features", enable "Incoming Webhooks".
Click "Add New Webhook to Workspace" and choose the #security-alerts channel.
Copy the Webhook URL provided.
Log in to Checkmarx One or CxSAST.
Navigate to "Notifications & Alerts" settings.
Select "Create New Notification" and set conditions for alerts (e.g., high-risk vulnerabilities).
Choose "Webhook" as the notification method.
Paste the Slack Webhook URL.
Customize the message format using JSON:
{
  "text": "🚨 *Checkmarx Security Alert* 🚨\n*Critical Vulnerability Found!*\n📝 *Repository:* WebApp\n🔍 *Issue:* SQL Injection (CWE-89)\n📍 *File:* login.php, Line 35\n🔗 *View Report:*"
}
Save the notification settings and run a test scan.
Result: When a security scan finds an issue, a message like this will appear in Slack:
🚨 Checkmarx Security Alert! 🚨
📝 Repository: WebApp
🔍 Issue: SQL Injection (CWE-89)
📍 File: login.php, Line 35
🔗 View Report: [Checkmarx Dashboard Link]
🏷 Assigned to: @DeveloperX
📅 Due Date: March 10, 2025
Open Microsoft Teams and select "Teams" from the left panel.
Click "Create a Team" or use an existing team.
Within the team, create a new channel named "Security Alerts".
Set the privacy settings based on your organization’s security needs.
Open Microsoft Teams and go to Apps.
Search for "Incoming Webhook" and click "Add to a Team".
Select the "Security Alerts" channel.
Click "Configure", give the webhook a name (e.g., Checkmarx Alerts), and upload an icon (optional).
Click "Create" and copy the Webhook URL.
Log in to Checkmarx One or CxSAST.
Go to "Notifications & Alerts".
Select "Create New Notification" and choose "Webhook" as the alert type.
Paste the Teams Webhook URL.
Use the following JSON format for the Teams message:
{
  "@type": "MessageCard",
  "@context": "http://schema.org/extensions",
  "themeColor": "FF0000",
  "summary": "Checkmarx Security Alert",
  "sections": [{
    "activityTitle": "🚨 *Checkmarx Security Alert!* 🚨",
    "facts": [
      { "name": "Repository", "value": "WebApp" },
      { "name": "Issue", "value": "SQL Injection (CWE-89)" },
      { "name": "File", "value": "login.php, Line 35" },
      { "name": "Assigned to", "value": "@DeveloperX" },
      { "name": "Due Date", "value": "March 10, 2025" }
    ],
    "markdown": true
  }],
  "potentialAction": [{
    "@type": "OpenUri",
    "name": "View Report",
    "targets": [{ "os": "default", "uri": "https://checkmarx.com/dashboard" }]
  }]
}
Save and test the webhook.
Result: When Checkmarx finds an issue, a formatted message will appear in Microsoft Teams:
🚨 Checkmarx Security Alert! 🚨
📝 Repository: WebApp
🔍 Issue: SQL Injection (CWE-89)
📍 File: login.php, Line 35
🔗 View Report: [Checkmarx Dashboard Link]
🏷 Assigned to: @DeveloperX
📅 Due Date: March 10, 2025
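The Slack and Teams payloads above, built from one finding record instead of hand-edited JSON. This is an added example, not code from Checkmarx or from this guide. The finding field names, the helper names and the environment variable passed to post() (for instance SLACK_WEBHOOK_URL) are assumptions. Anyone who holds a webhook URL can post to the channel, so the URL is read from the environment rather than stored in the script.

```python
import json
import os
import urllib.request
from urllib.parse import urlparse

# Constructed sample finding; field names are assumptions, not a Checkmarx schema.
SAMPLE = {"repository": "WebApp", "issue": "SQL Injection (CWE-89)", "file": "login.php",
          "line": 35, "report_url": "https://checkmarx.com/dashboard"}

def require_https(url):
    parts = urlparse(str(url))
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("expected an https:// URL")
    return str(url)

def slack_escape(value):
    # Slack treats &, < and > as control characters; escaping them keeps a
    # repository or file name from rendering as a link or an <!channel> mention.
    return str(value).replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")

def slack_payload(f):
    rows = [("📝", "Repository", f["repository"]), ("🔍", "Issue", f["issue"]),
            ("📍", "File", f"{f['file']}, Line {int(f['line'])}"),
            ("🔗", "View Report", require_https(f["report_url"]))]
    head = "🚨 *Checkmarx Security Alert* 🚨\n*Critical Vulnerability Found!*\n"
    return {"text": head + "\n".join(f"{i} *{k}:* {slack_escape(v)}" for i, k, v in rows)}

def teams_payload(f):
    facts = [{"name": "Repository", "value": str(f["repository"])},
             {"name": "Issue", "value": str(f["issue"])},
             {"name": "File", "value": f"{f['file']}, Line {int(f['line'])}"}]
    action = {"@type": "OpenUri", "name": "View Report",
              "targets": [{"os": "default", "uri": require_https(f["report_url"])}]}
    # markdown False is this example's choice (the page's card uses true) so values are not read as formatting.
    return {"@type": "MessageCard", "@context": "http://schema.org/extensions",
            "themeColor": "FF0000", "summary": "Checkmarx Security Alert",
            "sections": [{"activityTitle": "🚨 Checkmarx Security Alert! 🚨",
                          "facts": facts, "markdown": False}],
            "potentialAction": [action]}

def post(env_var, payload):
    """POST to the webhook URL held in an environment variable, not in code."""
    req = urllib.request.Request(require_https(os.environ[env_var]),
                                 data=json.dumps(payload).encode("utf-8"),
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status

if __name__ == "__main__":
    print(json.dumps(slack_payload(SAMPLE), indent=2))
```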
Use Slack Workflow Builder or Power Automate in Teams to create approval workflows.
Security leads get notified when vulnerabilities are fixed and can approve directly from Slack/Teams.
Configure Checkmarx to send Jira/Azure DevOps tickets for security issues.
Use Slack/Teams integrations for Jira/Azure DevOps to sync security fixes.
Automate Checkmarx security reports to post in Slack/Teams every Monday.
Example message:
📊 *Weekly Security Report*
🔍 Total Scans: 15
⚠️ High-Risk Vulnerabilities: 3
✅ Resolved: 2 | 🚨 Pending: 1
📝 Audit Log: [Link to Full Report]
By integrating Checkmarx with Slack or Microsoft Teams, organizations can:
🚀 Improve real-time security awareness
🔒 Ensure faster remediation of vulnerabilities
✅ Enhance compliance tracking with automated reports
🔗 Streamline DevSecOps collaboration