Slack
10 min
slack edition enterprise only the slack integration scans messages, threads, and files across public and private channels in your slack workspace for credentials and other sensitive data to send trufflehog detections to slack as notifications, see the slack docid\ qhzefqryxhwodbj141n4o notifier instead slack continuous slack continuous continuously monitors your workspace for secrets it reads only the channels and conversations the trufflehog enterprise bot belongs to invite the bot to any public or private channel you want scanned slack continuous monitors your workspace for secrets two ways continuous secret detection as messages, files, and edits are posted, trufflehog enterprise scans them across public/private channels the app has been invited to historical secret detection (slack enterprise grid plan only, coming soon) scans existing workspace content, including attachments and archives, so secrets that leaked before you installed the app don't stay hidden configuration slack continuous can be configured in trufflehog enterprise under integrations self hosted scanners are not currently available for this mode from the integrations page in trufflehog click add integration select slack as the source choose slack continuous and continue to trufflehog's authorization handoff with slack on slack's authorization page, click allow to grant trufflehog access to your workspace name your new integration capabilities feature supported continuous monitoring ✅ scan public channels (including thread replies) ✅ scan edited messages ✅ scan canvases and lists ✅ scan files shared in conversations ✅ scan private channels (bot must be invited) ✅ scan direct messages the bot is part of ✅ scan group dms the bot is part of ✅ trufflehog requests read only bot scopes it scans content for secrets but never posts, modifies, or deletes anything in your workspace scope why trufflehog requests it channels\ history read messages in public channels the bot is in, so their content can be scanned groups\ history read messages in private channels the bot has been invited to im\ history read direct messages the bot is part of mpim\ history read group direct messages the bot is part of files\ read retrieve and scan files shared in those conversations channels\ read see public channel names and details, so findings tie back to the right channel groups\ read see private channel names and details for the same reason im\ read see basic details of direct messages the bot is part of mpim\ read see basic details of group direct messages the bot is part of app mentions\ read receive events when the app is @mentioned legacy slack scanner (to be deprecated) trufflehog's legacy slack scanner is no longer supported slack is deprecating the apis it relied on configure any new slack scanning via slack continuous these configuration details will remain until the legacy slack scanner is end of life configuration the legacy slack scanner be configured in trufflehog under integrations , or via a local configuration file (below) hosted configuration configure this integration from the integrations page in trufflehog the flow installs a slack app on your behalf with the appropriate scopes and rate limits self hosted configuration self hosted configuration requires creating a single workspace slack app and using its token multi workspace scanning requires a separate app per workspace step 1 create the slack app go to the slack app creation page and click to create a new app give the app a name and select the workspace you want trufflehog to scan each app is scoped to one workspace; create separate apps for additional workspaces in user token scopes , add the following scopes users\ read — read the user directory users\ read email — read user email addresses channels\ history — read public channel message history channels\ read — list public channels groups\ history — read private channel message history groups\ read — list private channels files\ read — read file content for scanning save the app and install it to your workspace if your account doesn't have permission to install apps, slack routes the request to your workspace admin give them a heads up before submitting copy the generated token you'll use it as the token value in the configuration below step 2 configure trufflehog sources \ connection "@type" type googleapis com/sources slack endpoint https //slack ourbusiness com token xxxxxxxxxxxxxxxxxxxxxxxxxx channels \ include channel ignorelist \ exclude channel name slack scanperiod 12h type source type slack verify true omit the channels field to scan all channels the token has access to configuration options field type required description endpoint string no the slack api endpoint defaults to slack cloud token string yes the slack app token with the scopes listed above channels list no explicit list of channels to scan omit to scan all accessible channels ignorelist list no channels to skip during scanning capabilities feature supported scan public channels ✅ scan private channels (authorizing user must have access) partial scan attachments ✅ scan archive files ✅ scan base64 encoded data ✅ scan binaries ✅ scan microsoft office files ✅ include / exclude filters ✅ auto resume ✅
