You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
*[Start H1 Response](start-h1-response.html) or [Start H1 Bounty](start-h1-bounty.html).
24
+
*[Start HackerOne Response](start-h1-response.html) or [Start HackerOne Bounty](start-h1-bounty.html).
25
25
*[Contact HackerOne](https://support.hackerone.com/hc/en-us/requests/new) to work with one of our program managers to get guidance on setting up your program.
With Slack integration, your team can stay up to date on HackerOne report activities without needing to leave Slack. Activities such as report triaged, bounty paid, and new comments added will trigger notifications in your selected channel. You can customize which activities you want to be notified about in which channels so that teams can only see what’s relevant to them.
8
8
9
-
<i>Note: Slack integration is only available to H1 Response and H1 Bounty Pro (and above) customers. For more details, see product editions. Existing users of the Slack integration will also need to navigate to **Settings > Program > Integrations > Slack** to enable the new settings.</i>
9
+
<i>Note: Slack integration is only available to HackerOne Response and HackerOne Bounty Pro (and above) customers. For more details, see product editions. Existing users of the Slack integration will also need to navigate to **Settings > Program > Integrations > Slack** to enable the new settings.</i>
4. You'll be redirected to a Slack authorization screen where you'll be asked to grant HackerOne permissions to access your team. *Note: If you have multiple Slack teams, select the one you want HackerOne to post to.*
18
18
5. Click **Authorize** and you'll be redirected back to HackerOne to continue the setup of your Slack notifications. <br> *Note: the following privileges are necessary for HackerOne to successfully set up Slack Integration:*
19
19
***Access information about your public channels** is needed to allow the admin configuring the integration to see all your current Slack channels which they can assign notifications towards.
20
20
***View email addresses of people on your team** is needed in order to set up username mapping between H1 and Slack for proper mentions.
21
21
***Access your team's profile information** is a standard permission for all Slack integrations. At this time, we don't have a way to reduce permissions if customers don't want to use all of these features.
22
-
23
-
Check out the FAQ section at the bottom of this page to understand why HackerOne needs access to so many permissions.
22
+
23
+
Check out the FAQ section at the bottom of this page to understand why HackerOne needs access to so many permissions.
24
24
25
25
### Add Notification Configuration for Slack
26
26
You can configure specific HackerOne activities you'd like to receive Slack notifications for.
27
27
28
28
To set up your notification configuration:
29
29
1. Go to your Slack integration settings in **Settings > Program > Integrations**.
30
30
2. Click **Create your first Notification Configuration**.
31
-
3. Select the public channel to post to in the **Post to Channel** field.
31
+
3. Select the public channel to post to in the **Post to Channel** field.
32
32
4. <i>(Optional)</i> Select **I want to use a private channel** to post your notification to a private channel, and manually type in the name of the private channel.
@@ -41,30 +41,30 @@ Awards | <ul><li>Bounty suggested</li><li>A bounty has been paid</li><li>Not eli
41
41
Disclosure | <ul><li>Agreed on going public</li><li>Report became public</li><li>Manually disclosed</li>
42
42
Misc | <ul><li>The assignee of the report has been changed</li><li>An internal comment was added to the report</li><li>A public comment was added to the report</li><li>Report locked, hackers can't reply on the report anymore
43
43
44
-
5. Click **Save**.
44
+
5. Click **Save**.
45
45
46
-
All of your selected notifications now be posted to your selected channel on Slack. To configure posting notifications to other channels, click **Add Notification Configuration** and follow steps 3-5 again.
46
+
All of your selected notifications now be posted to your selected channel on Slack. To configure posting notifications to other channels, click **Add Notification Configuration** and follow steps 3-5 again.
47
47
48
48
### Mapping Usernames
49
49
After configuring channel notifications, you have the option to map HackerOne usernames to Slack usernames. It's important to establish a link between these two usernames because when someone mentions your username in HackerOne, you’ll be notified just as if someone mentioned your username natively in Slack. This'll ensure that you're appropriately notified in Slack to pay attention to the most critical HackerOne notifications when your username is mentioned specifically for a follow-up comment or action.
50
50
51
-
To map usernames in your Slack settings:
52
-
1. Go to the **Slack Usernames** section.
51
+
To map usernames in your Slack settings:
52
+
1. Go to the **Slack Usernames** section.
53
53
2. Type the Slack username associated with the corresponding HackerOne user in the Slack Username field.
To disconnect your slack integration, go to **Settings > Program > Integrations > Slack** and click **Disconnect** in your Slack settings.
60
+
To disconnect your slack integration, go to **Settings > Program > Integrations > Slack** and click **Disconnect** in your Slack settings.
61
61
62
62
### FAQs
63
63
#### Q: Why must I authorize HackerOne access to so many permissions for my Slack integration?
64
64
65
65
A: We know it’s concerning that you have to give HackerOne access to information about your public channels, the email addresses of people on your team, and access to your team’s profile information. Keep in mind that we require these permissions because we’re using the following Slack methods for integration:
66
66
67
-
Method | Description
67
+
Method | Description
68
68
------ | ------------
69
69
https://api.slack.com/methods/users.list | mapping Slack users with HackerOne users
70
70
https://api.slack.com/methods/channels.list | autocompleting channel chooser during setup and getting current status of the channel (if it's still valid)
@@ -78,4 +78,4 @@ https://api.slack.com/scopes/channels:read | for channels.list
78
78
https://api.slack.com/scopes/chat:write:bot | for chat.postMessage
79
79
https://api.slack.com/scopes/users:read | for users.list
80
80
81
-
Due to limitations with the API, we can’t filter information from the scopes, and so it’s necessary that access to all permissions are given in order to successfully integrate with Slack.
81
+
Due to limitations with the API, we can’t filter information from the scopes, and so it’s necessary that access to all permissions are given in order to successfully integrate with Slack.
3.*(Optional)* Click the **[Human Augmented Signal](human-augmented-signal.html)** toggle to be either on or off.
14
-
4. Once you've completed all of the fields in step 1 of the Setup Guide, click **Submit for Approval** to have HackerOne review your program.
11
+
1. Select **Edit** to edit your policy and scope.
12
+
2. Select **Edit** to edit your profile.
13
+
3.*(Optional)* Click the **[Human Augmented Signal](human-augmented-signal.html)** toggle to be either on or off.
14
+
4. Once you've completed all of the fields in step 1 of the Setup Guide, click **Submit for Approval** to have HackerOne review your program.
15
15
5. If your program is approved by HackerOne, your program will be placed in controlled launch where it'll remain private and visible to only a select number of hackers. To publicly launch your program, your program must:
16
16
* Receive at least 10 reports and have invited 100 hackers
17
17
* Meet the baseline responsiveness limits
18
-
6. Once you've met the criteria, the **Public Launch** button will appear. You can publicly self-launch your program when you're ready to.
18
+
6. Once you've met the criteria, the **Public Launch** button will appear. You can publicly self-launch your program when you're ready to.
0 commit comments