Integrations are intended to make work and the flow of information smoother. In our case, the integrations expedite critical vulnerability information found by Detectify to security teams and the application owners. That way, you can receive vulnerability information directly into your digital workplace of choice.
Our solution seemed to be achieving this for our customers, but the use cases kept growing and eventually outgrew our scalability. Detectify users are increasing the number of web applications and domains they monitor over time, and creating custom integrations for each of these web assets quickly becomes a tedious task. Where there’s a lot of tedious, repetitive work, there’s an opportunity for automation!
We went back to the drawing board to scale up and make integrations simple again. We’ve come back with Detectify Integrations 2.0, which delivers more automated vulnerability feedback in fewer clicks!
What has been improved?
Integration instances are now called Feeds in the tool to help make it more intuitive. The difference will be noticed by existing users right away because you can set up integrations based on the Team-level or per web application – you can customize it to work for you! This helps minimize the noise for other Detectify users in your organization.
With the flip of the virtual switch to on, newly detected assets will automatically get new feeds set up for the right teams in the right places. You can turn it on and forget about it, and leave the security alerting to us!
What kind of alerts are dispatched in integrations?
- Notifications when a scan starts and finishes
- Alerts based on vulnerability severity
- Warnings specific to subdomain takeover vulnerabilities
- Vulnerability findings report summary
- Custom alerts specific to each web application scanned and the responsible development team
Image: Detectify security scan report summary dispatched to Slack
Timeline for Detectify integrations:
In the world of CI/CD, things will come in waves, right? In the first iteration, we will cover the most popular integrations, Slack and Jira. We’ve released the new Slack-Detectify integration today (22 September) and JIRA will follow after this.
Flowing information from Detectify to Slack
Setting up the Slack integration will send you automatic notifications when vulnerabilities are detected. You can customize this for medium, high or critical vulnerabilities only and newly detected bugs without having to log into Detectify first.
Image: example of a newly detected finding alert in Slack
Detectify integrating with JIRA
To help you ship secure code, Detectify integrates directly into the popular development tool for agile teams, Atlassian’s JIRA. When dispatched, tickets are created for detected vulnerabilities directly in the development queue for prioritization. You can control which severity you wish to be alerted about.
Other integrations available:
You can still use the existing integrations in their current state. If we see great success with our Slack and Jira integrations, we’ll then start upgrading these as well. Until then, you can still use them as is, and if you have any feedback, let us know via the comment box in the Detectify Dashboard.
What about API and webhooks?
Depending on your subscription level, you can take advantage of the powerful Detectify API and create customized scan alerts. You can also start scans via a few lines of code through the API. Learn more about the API and webhook options:
Not using Integrations or Detectify just yet?
It’s easy to start! Integrations are available in the free trial period, giving you time to test out a new way of keeping track of vulnerabilities lingering in your web applications. Sign up for Detectify today and start receiving alerts about fixable security bugs right away.