Skip to content

Notifications

The platform supports multiple notification channels that can be combined. Each finding can trigger notifications on several channels at once.

Channels

Email

  • Delivery to corporate emails.
  • Configurable recipient list — e.g., security@yourcompany.com + the CISO personally.
  • Digest support — hourly/daily summary instead of individual emails.

Webhook

  • HTTP POST to your endpoint with a JSON payload.
  • For integrating with SIEM (Splunk, ELK), ticketing (Jira, ServiceNow), Slack, Microsoft Teams.
  • HMAC-SHA256 signature for source verification.

Slack (roadmap Q4 2026)

A separate Slack App integration — richer than webhook (rich messages with buttons, threads).

Microsoft Teams (roadmap Q4 2026)

Similar to Slack.

SMS (Enterprise tier)

Critical findings only. Delivered via Twilio.

Notification rules

Configured at Settings → Notifications → Rules.

Each rule has:

  • Name — for convenience.
  • Conditions — when to trigger:
  • Severity (>= High, == Critical).
  • Detection source (HIBP only / GitHub only / all).
  • DataSource — only react to findings for a specific domain/email.
  • Tags — custom tags you put on findings.
  • Channels — where to send: email list / webhook URL / Slack channel.
  • Active — on/off.

Example rule

Critical security incidents - Severity: >= Critical - Source: any - Channels: - Email: security-oncall@yourcompany.com - Webhook: https://soc.yourcompany.com/api/incidents - SMS: +380... (CISO)

Daily digest - Severity: >= Medium - Source: any - Channels: Email digest to security@yourcompany.com at 09:00

Webhook payload

Sample payload sent to your endpoint:

json { "event": "finding.created", "timestamp": "2026-06-29T10:23:45Z", "organization_id": "org_abc123", "finding": { "id": "find_xyz789", "severity": "high", "source": "github", "title": "AWS Access Key in public repo", "description": "...", "data_source": "yourcompany.com", "discovered_at": "2026-06-29T10:23:40Z", "url": "https://bcp.bytecode.team/findings/find_xyz789", "external_url": "https://github.com/..." }, "signature": "sha256=..." }

The HMAC signature comes in the X-BCP-Signature header.

Quiet hours

Configured globally for the organization:

  • Working hours — e.g., Mon-Fri 09:00-18:00 in your timezone.
  • Off-hours — only Critical arrives immediately, the rest are batched to next working day.
  • Critical — always ASAP.

Anti-flood

If many similar findings appear in a short window (e.g., first HIBP scan surfaces dozens of historical breaches), the platform groups them into one notification with a link to the list.

Testing

The Send test notification button in each channel's settings — sends a test message to verify delivery.

Notification audit

Settings → Notifications → Delivery log — list of all sent notifications with status (delivered / failed / retrying). Useful for troubleshooting.