@saifsmailbox98 saifsmailbox98 commented Feb 2, 2026

Context

This adds a Slack webhook to PKI alerts; earlier we only had emails and general webhooks.

Steps to verify the change

Add a Slack webhook URL to a new PKI alert

greptile-apps bot commented Feb 2, 2026

Greptile Overview

Greptile Summary

This PR adds Slack webhook integration to PKI alerts, allowing notifications to be sent to Slack channels alongside existing email and webhook channels.

Key Changes:

  • Added buildSlackPayload function to format certificate expiration alerts with color-coded urgency (red for <7 days, yellow otherwise)
  • Implemented triggerSlackWebhook with proper error handling and URL path masking in logs
  • Added SSRF protection via blockLocalAndPrivateIpAddresses before making webhook requests
  • Added hostname validation in Zod schemas to ensure URLs are from hooks.slack.com
  • Updated frontend UI to include Slack channel option with proper form validation
  • Documentation updated to explain Slack webhook setup

Security Measures:

  • Webhook URL hostname validated to be exactly hooks.slack.com (prevents DNS rebinding attacks)
  • SSRF protection blocks requests to private/internal IPs
  • Webhook URL paths masked in logs to avoid exposing secret tokens
  • HTTPS enforced for all Slack webhook URLs

All previously reported issues have been addressed by the developer.

Confidence Score: 5/5

  • This PR is safe to merge with no blocking issues
  • The implementation follows security best practices with proper SSRF protection, URL validation, and secret masking. All previously identified security concerns have been addressed. The code is well-structured and consistent with existing patterns.
  • No files require special attention

Important Files Changed

  • backend/src/services/pki-alert-v2/pki-alert-v2-notification-fns.ts: Added Slack webhook notification functions with proper URL masking for security
  • backend/src/services/pki-alert-v2/pki-alert-v2-service.ts: Integrated Slack channel with SSRF protection via blockLocalAndPrivateIpAddresses
  • backend/src/services/pki-alert-v2/pki-alert-v2-types.ts: Added Slack config schema with hostname validation to prevent SSRF attacks
  • frontend/src/views/PkiAlertsV2Page/components/CreatePkiAlertV2FormSteps.tsx: Added Slack channel UI with proper form controls and display formatting
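
The URL checks listed in the summary above (HTTPS only, hostname exactly hooks.slack.com, path masked before logging), as an added TypeScript example that is not code from this PR. The function names and the sample URLs are hypothetical and constructed for illustration.

```typescript
// Added example, not the PR's code. Function names are hypothetical.
const SLACK_WEBHOOK_HOST = "hooks.slack.com";

interface WebhookCheck {
  ok: boolean;
  reason: string;
}

// Accept only https URLs whose parsed hostname is exactly hooks.slack.com.
// Comparing the parsed hostname (not a substring of the raw string) is what
// rejects look-alike hosts, userinfo tricks and host names placed in the path.
function validateSlackWebhookUrl(raw: string): WebhookCheck {
  let url: URL;
  try {
    url = new URL(raw);
  } catch {
    return { ok: false, reason: "not a valid URL" };
  }
  if (url.protocol !== "https:") return { ok: false, reason: "scheme must be https" };
  if (url.hostname !== SLACK_WEBHOOK_HOST) return { ok: false, reason: "unexpected host" };
  return { ok: true, reason: "" };
}

// The path of a Slack webhook URL carries the secret token, so log lines
// keep only scheme and host and drop path, query and fragment.
function maskWebhookUrl(raw: string): string {
  try {
    const url = new URL(raw);
    return `${url.protocol}//${url.hostname}/***`;
  } catch {
    return "<invalid url>";
  }
}

// Constructed sample inputs (placeholders, not real webhook URLs).
const samples: string[] = [
  "https://hooks.slack.com/services/EXAMPLE/PLACEHOLDER",
  "http://hooks.slack.com/services/EXAMPLE/PLACEHOLDER",
  "https://hooks.slack.com.attacker.example/services/x",
  "https://hooks.slack.com@attacker.example/services/x",
  "https://attacker.example/hooks.slack.com",
];

for (const s of samples) {
  const result = validateSlackWebhookUrl(s);
  console.log(maskWebhookUrl(s), result.ok ? "accepted" : `rejected: ${result.reason}`);
}
```

Only the first sample is accepted; the other four fail on the scheme or on the parsed hostname.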

@greptile-apps greptile-apps bot left a comment

4 files reviewed, 4 comments

maidul98 commented Feb 2, 2026

Snyk checks have passed. No issues have been found so far.

Scanner: Open Source Security
Critical: 0, High: 0, Medium: 0, Low: 0, Total: 0 issues

@saifsmailbox98
Contributor Author

@greptile review

…num, move webhook types to types file, increase timeout to 7s, and document channel retry behavior
…n-fns to pki-alert-v2-types for improved maintainability
…l-webhooks' into saif/pki-108-notification-channel-webhook-slack-integration

# Conflicts:
#	backend/src/services/pki-alert-v2/pki-alert-v2-notification-fns.ts
#	backend/src/services/pki-alert-v2/pki-alert-v2-service.ts
#	frontend/src/views/PkiAlertsV2Page/components/CreatePkiAlertV2FormSteps.tsx
@saifsmailbox98 saifsmailbox98 marked this pull request as draft February 4, 2026 14:36