This project integrate Slack and JFrog Xray so you could get Xray's notifications directly to your Slack.
We will use Xray's Webhooks to define our server's and base on the policy/rules our webhook will be notified with the alerts about violations (security or licenses).
It makes use of Express.js, a minimal and flexible Node.js framework that includes a myriad of HTTP utility methods for quickly creating robust APIs. We also use the Body Parser package, which is Node.js middleware that allows us to process any POST requests we receive.
🛠 For more details check this post
Now it's time to see routes.js file and the end-point that is being used:
/xray/api - Get the notification from Xray and send messages to Slack. Each violation will be sent as one message. To make it more efficient we aren't sending all the issues' data per violation. However, if you wish to get more information, please feel free to fork this project and add fields to the message.
ℹ️ If you wish to see how the JSON payload from Xray is going to look like check: z_example-of-xray-webhook-data.json
- Install NodeJS and make sure you run:
npm install
So you will have all the modules that we are using.
-
Defined Xray's webook by following these steps. If you wish to see (even) better tutorial check this post.
-
Copy this project and change (in .env file placed in the root directory):
SLACK_WEBHOOK_URL=https://hooks.slack.com/services/specific-string-from-slack/more-chars-from-slack-that-are-unique
-
Create a Slack App by following this tutorial on Incoming Webhooks For Slack
-
Check and see the channel you defined at #3 for incoming notification. They should look like this:
If you wish to be up and running without the need to install anything you can take this project and 'remix' it to create your own version. This will give you the option to skip step #0 and have a working example in minutes.
Go have a ☕️ and check your Slack channel for messages.