Notifications¶
The platform supports multiple notification channels that can be combined. Each finding can trigger notifications on several channels at once.
Channels¶
Email¶
- Delivery to corporate emails.
- Configurable recipient list — e.g., security@yourcompany.com + the CISO personally.
- Digest support — hourly/daily summary instead of individual emails.
Webhook¶
- HTTP POST to your endpoint with a JSON payload.
- For integrating with SIEM (Splunk, ELK), ticketing (Jira, ServiceNow), Slack, Microsoft Teams.
- HMAC-SHA256 signature for source verification.
Slack (roadmap Q4 2026)¶
A separate Slack App integration — richer than webhook (rich messages with buttons, threads).
Microsoft Teams (roadmap Q4 2026)¶
Similar to Slack.
SMS (Enterprise tier)¶
Critical findings only. Delivered via Twilio.
Notification rules¶
Configured at Settings → Notifications → Rules.
Each rule has:
- Name — for convenience.
- Conditions — when to trigger:
- Severity (
>= High,== Critical). - Detection source (HIBP only / GitHub only / all).
- DataSource — only react to findings for a specific domain/email.
- Tags — custom tags you put on findings.
- Channels — where to send: email list / webhook URL / Slack channel.
- Active — on/off.
Example rule¶
Critical security incidents - Severity:
>= Critical- Source: any - Channels: - Email: security-oncall@yourcompany.com - Webhook: https://soc.yourcompany.com/api/incidents - SMS: +380... (CISO)Daily digest - Severity:
>= Medium- Source: any - Channels: Email digest to security@yourcompany.com at 09:00
Webhook payload¶
Sample payload sent to your endpoint:
json
{
"event": "finding.created",
"timestamp": "2026-06-29T10:23:45Z",
"organization_id": "org_abc123",
"finding": {
"id": "find_xyz789",
"severity": "high",
"source": "github",
"title": "AWS Access Key in public repo",
"description": "...",
"data_source": "yourcompany.com",
"discovered_at": "2026-06-29T10:23:40Z",
"url": "https://bcp.bytecode.team/findings/find_xyz789",
"external_url": "https://github.com/..."
},
"signature": "sha256=..."
}
The HMAC signature comes in the X-BCP-Signature header.
Quiet hours¶
Configured globally for the organization:
- Working hours — e.g., Mon-Fri 09:00-18:00 in your timezone.
- Off-hours — only
Criticalarrives immediately, the rest are batched to next working day. Critical— always ASAP.
Anti-flood¶
If many similar findings appear in a short window (e.g., first HIBP scan surfaces dozens of historical breaches), the platform groups them into one notification with a link to the list.
Testing¶
The Send test notification button in each channel's settings — sends a test message to verify delivery.
Notification audit¶
Settings → Notifications → Delivery log — list of all sent notifications with status (delivered / failed / retrying). Useful for troubleshooting.