Set up Notifications
In this section we’ll set up an integration webhook and use it to receive notifications from DryRun Security.
Prerequisite - You'll need a Slack Webhook URL that can receive messages from DryRun Security.
Note: currently only Slack webhooks are supported.
Log in the the DryRun Security portal at https://app.dryrun.security (opens in a new tab).
Navigate to the Settings section.
You'll see the available Integrations that can be configured.
Click Details on the Slack integration card.
You'll see the the configuration options for the Integration.
From here, you can...
- Configure a Global Integration for use across the Repositories in your organization
- Configure a Targeted, Non-global Integration for use in the
.dryrunsecurity.yamlconfiguration file in specific repositories
Configure a Global Integration
A global integration will work across the Repositories in your organization with no additional configuration.
In the Webhook URL box, add the URL for the Slack Webhook that was set up to receive notifications.
Choose a Risk Level.
Note: As DryRun Security runs, it will assign a Risk Level to changes in the code base. Notifications will be sent on changes that match the Risk Level you've selected.
Leave Enabled selected.
Leave Global checked.
Click Save.
Once you click Save the Test button will be enabled. Clicking the Test button will send a message to the Webhook URL to validate the setup is working.
Done! You've configured a global integration that will receive notifications as changes are made that match the configured Risk Level.
Configure a Targeted Integration
A targeted, non-global integration can be referenced in the .dryrunsecurity.yaml file of a Repository. This can be used to receive notifications about a specific Repository in a specific channel.
In the Webhook URL box, add the URL for the Slack Webhook that was set up to receive notifications.
Choose a Risk Level.
Note: As DryRun Security runs, it will assign a Risk Level to changes in the code base. Notifications will be sent on changes that match the Risk Level you've selected.
Leave Enabled selected.
Uncheck the Global option
You'll notice a Name box has been added to the form. This box contains the name of the integration that can be used in the .dryrunsecurity.yaml file.
Click Save.
Once you click Save the Test button will be enabled. Clicking the Test button will send a message to the Webhook URL to validate the setup is working.
Done! You've configured a targeted integration.
Configure a Notification in .dryrunsecurity.yaml
Now, the integration can be added to a .dryrunsecurity.yaml configuration file.
Note: To setup a .dryrunsecurity.yaml file see Configure a GtiHub Repository (opens in a new tab)
Create or locate the .dryrunsecurity.yaml file at the root of the Repository to be configured.
Copy the value from the Name box of the integration.
In the .dryrunsecurity.yaml file, add a notifications block as follows.
Replace your-integration-name with the value from the Name box.
notifications:
enabled: true
integrationNames:
- your-integration-nameAdd/Update the .dryrunsecurity.yaml file in the root of your repository following your normal process.
Done! Now changes in the Repository that match the integrations's Risk Level will trigger a notification.