Slack & Jira Workflows

Why Notification Workflows Matter

A pentest that discovers critical vulnerabilities is only as valuable as the speed of your response. If findings sit unread in a dashboard for days, the window of exposure remains open. Notification workflows ensure the right people are alerted the moment findings are available, and ticketing integrations ensure remediation is tracked to completion.

TurboPentest integrates with Slack for real-time alerts and Jira for structured remediation tracking. Both integrations use webhooks — TurboPentest pushes events to your configured endpoints as they occur.

Slack Integration

Setting Up Slack Notifications

TurboPentest sends notifications to Slack via incoming webhooks. To configure:

1. Create a Slack App — Go to api.slack.com/apps and create a new app for your workspace. Enable Incoming Webhooks.
2. Generate a Webhook URL — Add a webhook to the channel where you want notifications (e.g., #security-alerts). Copy the webhook URL.
3. Configure in TurboPentest — Go to Settings > Integrations > Slack. Paste the webhook URL and select which events trigger notifications.

Notification Events

You can configure notifications for any combination of these events:

• Pentest Started — Notifies when a pentest begins, with target, tier, and estimated completion time
• Phase 1 Complete — Alerts when reconnaissance tools finish, with a summary of tool results
• Finding Discovered — Real-time alerts as Phase 2 agents discover individual findings (filterable by severity)
• Pentest Complete — Summary notification with total findings by severity and a link to the full report
• Finding Status Changed — Alerts when a finding's status changes in continuity tracking (new, persistent, fixed)

Severity Filtering

Not every team wants a Slack notification for every informational finding. TurboPentest lets you set a minimum severity threshold per channel:

• #security-critical — Only critical and high findings
• #security-all — All severities including informational
• #dev-team-alpha — Findings related to specific targets or tags

You can configure multiple webhook URLs with different severity filters to route notifications to different channels based on urgency.

Notification Format

Slack messages include rich formatting with:

• Severity badge (color-coded: red for critical, orange for high, yellow for medium, blue for low)
• Finding title and affected endpoint
• One-line description of the vulnerability
• Direct link to the finding detail page in TurboPentest
• Pentest ID and target for context

Jira Integration

Setting Up Jira Ticket Creation

TurboPentest can automatically create Jira tickets for findings, ensuring every vulnerability enters your remediation workflow:

1. Generate a Jira API Token — In Atlassian account settings, create an API token for TurboPentest.
2. Configure in TurboPentest — Go to Settings > Integrations > Jira. Enter your Jira instance URL, email, API token, and default project key.
3. Map Fields — Configure how TurboPentest finding fields map to your Jira issue fields.

Automatic Ticket Creation

When enabled, TurboPentest creates a Jira ticket for each finding that meets your severity threshold. The ticket includes:

• Summary — Finding title with severity prefix (e.g., "[HIGH] SQL Injection in /api/users")
• Description — Full finding details including the vulnerability explanation, proof-of-concept, affected endpoints, and remediation steps
• Priority — Mapped from TurboPentest severity (Critical = Highest, High = High, Medium = Medium, Low = Low)
• Labels — Auto-applied labels including turbopentest, the OWASP category, and the pentest tier
• Custom Fields — Configurable mapping to your custom Jira fields (CVSS score, CWE ID, etc.)

Deduplication

TurboPentest tracks which findings have already been ticketed. If a finding persists across repeat pentests, it does not create a duplicate ticket. Instead, it adds a comment to the existing ticket noting that the finding was observed again, with the date and pentest ID.

When a finding is marked as fixed in continuity tracking, TurboPentest can optionally transition the Jira ticket to your "Done" or "Verified" status.

Two-Way Sync

The Jira integration supports two-way status synchronization:

• When a Jira ticket is moved to "In Progress," the finding status in TurboPentest updates to reflect active remediation
• When TurboPentest's continuity tracking confirms a fix, the Jira ticket can be auto-transitioned
• Comments added in Jira appear as notes on the finding in TurboPentest

This ensures your security dashboard and your project management tool stay synchronized without manual updates.

Webhook Architecture

Both integrations use TurboPentest's webhook system. You can also configure raw webhooks to any HTTP endpoint for custom integrations:

{
  "event": "finding.discovered",
  "pentest_id": "pt_abc123",
  "finding": {
    "id": "f_xyz789",
    "title": "SQL Injection in /api/users",
    "severity": "high",
    "category": "A03:2021-Injection",
    "endpoint": "POST /api/users?sort=name"
  },
  "timestamp": "2025-01-15T14:32:00Z"
}

Webhooks include an HMAC signature in the X-TurboPentest-Signature header for verification. Your endpoint should validate this signature to ensure the webhook is authentic.

Best Practices

Separate channels by severity. Route critical/high findings to a dedicated channel with immediate attention, and medium/low to a triage channel reviewed weekly.

Set Jira thresholds appropriately. Creating tickets for every informational finding creates noise. Start with high and above, and lower the threshold as your team's remediation process matures.

Enable deduplication. Avoid duplicate tickets across repeat pentests by keeping the Jira integration's deduplication feature enabled.

Validate webhook signatures. Always verify the HMAC signature on incoming webhooks to prevent spoofed notifications.