First you need to create a Slack workflow as follows:
Automations>Workflows>+ New Workflow>Build Workflow- Name the workflow
SecurityScorecard Slack notification Start the workflow...>Choose an event>From a webhookSet Up Variables- Key:
grade> Data type:Text - Key:
domain> Data type:Text
Done>Continue- Right-hand menu:
Messages>Send a message to a channel Select a channeldrop-down > choose the channel where you want to send the SecurityScorecard gradeAdd a message>Current SecurityScorecard for>Insert a variable> Selectdomain>: Grade>Insert a variable> Selectgrade>Save
- Click
Finish Upbutton to publish the workflow
Then you need to securely store the Slack webhook URL as a GitHub Actions secret:
- Go back to the
... More>Automations>Workflows>Managed by youscreen - Click
SecurityScorecard Slack notificationthenCopy workflow linkbutton - Go to the
Settings>Secrets and variables>Actionsscreen on your GitHub repo - Click the
New Repository secretbutton - Give it the name
SLACK_WEBHOOKand paste the webhook URL you copied from Slack - Save the secret
- Now copy
securityscorecard-slack-notification.ymlto your repo's.github/workflowsfolder - Replace
github.cominsecurityscorecard-slack-notification.ymlwith the domain of your company - Commit the changes
The SecurityScorecard grade of the domain you specified will be posted to the Slack channel you chose above on the first Monday of each month.
