Run scans from Slack
Connect your Slack workspace and start a scan from any channel with /wasviking scan, then get the results posted back when the scan finishes.
WASViking® can run a scan from inside Slack. Once your workspace is connected, anyone in it can type a slash command in a channel to start a scan and the results are posted back to that same channel when the scan finishes.
/wasviking scan https://app.yoursite.com
This is a separate integration from alert routing. Alert routing (findings, SLA breaches, supply chain advisories) is configured under Alerts and described in Notification Channels and Slack and Teams. The slash command described here is configured under Settings.
Before you start
You need three things:
- A target already registered in WASViking. The slash command will only scan a domain or subdomain that exists in Scans → Targets. See Targets and assets and Your first scan for how to add one.
- A role that can edit integrations. The Connect to Slack button is available to roles with the integrations permission (Org Admin by default). Other roles see the button disabled with a note explaining which role is required.
- Slack workspace administrator rights, which Slack requires to install an app and approve the requested permissions.
Connect your workspace
- In the portal, go to Settings → System Settings → Slack.
- The panel shows Not connected. Select Connect to Slack.
- Slack opens its authorization screen. Review the permissions WASViking requests and approve them for your workspace.
- Slack returns you to the portal. The panel now shows Connected to your workspace name, the workspace ID, and the date the connection was made.
One Slack workspace maps to one WASViking organization.
Permissions WASViking requests
| Permission | Why it is needed |
|---|---|
| commands | Register and receive the /wasviking slash command. |
| chat:write | Post scan results back to the channel. |
| channels:read | Read basic channel information for routing. |
WASViking does not read your channel history or message content. The
app posts only in response to a /wasviking command and only to the
channel where the command was run.
Register the target first
A scan from Slack runs against an existing target. If the domain or subdomain in your command is not registered, the scan does not start and Slack replies that the target is not in WASViking, with a link to add it.
This is intentional. Targets carry the authorization, scope, and scan configuration for a host. Requiring the target up front keeps Slack a trigger, not a way to scan arbitrary hosts. Add the target once in Scans → Targets, then scan it from Slack as often as you need.
To check what is available without leaving Slack, run
/wasviking targets to list the targets registered for your
organization.
Commands
| Command | What it does |
|---|---|
| /wasviking scan <url> | Start a scan on a registered target. |
| /wasviking targets | List the targets registered for your organization. |
| /wasviking help | Show the available commands and usage. |
Examples
/wasviking scan https://app.company.com
/wasviking scan app.company.com
/wasviking targets
/wasviking help
You can pass the URL with or without the https:// prefix, and Slack's
automatic link formatting is handled for you. The host has to resolve to
a target you have already registered.
Command replies are private to the person who ran the command. The final scan results are posted to the channel so the rest of the team can see them.
What happens after you run a scan
- WASViking confirms the scan has started and notes that it can take up to about fifteen minutes.
- The scan runs with the configuration saved on that target, the same engine used for scans started from the portal.
- When the scan finishes, WASViking posts a result message to the channel with:
  - the target that was scanned,
  - a count of findings by severity (High, Medium, Low, Info),
  - a button to open the full report in the portal,
  - a button to download a PDF report, available for a limited time.
If the scan fails or is canceled, the channel gets a short message saying so instead of a severity summary.
Replies you may see
| Situation | Reply |
|---|---|
| Target not registered | The target is not in WASViking, with a link to add it under Targets, then run the scan again. |
| Hourly limit reached | The scan limit for your organization has been reached. Wait before starting another. |
| URL not understood | A note asking for a full URL such as https://app.company.com. |
| Workspace not connected | A note that the workspace is not connected, with a pointer to set up the integration in the portal. |
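The sketch below shows how a slash-command handler can normalize the scan argument and map it to the replies in the table above. It is an added example, not WASViking's own code. It assumes Slack's `<url|label>` link markup; `REGISTERED_TARGETS`, the function names and the reply keys are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Constructed sample; stands in for the targets registered under Scans -> Targets.
REGISTERED_TARGETS = {"app.company.com", "api.company.com"}

# Slack's automatic link formatting: <url> or <url|label>.
_SLACK_LINK = re.compile(r"^<([^|>]+)(?:\|[^>]*)?>$")
# Assumption: only DNS names are accepted as targets (no IP literals, no bare labels).
_HOSTNAME = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$"
)


def host_from_argument(arg: str):
    """Return the lowercase hostname in a scan argument, or None if unusable."""
    arg = arg.strip()
    match = _SLACK_LINK.match(arg)
    if match:
        arg = match.group(1)  # keep the URL, drop the display label
    if "://" not in arg:
        arg = "https://" + arg  # the prefix is optional in the command
    try:
        parts = urlsplit(arg)
    except ValueError:
        return None
    # Reject other schemes and userinfo, where the visible name is not the host.
    if parts.scheme not in ("http", "https") or parts.username or parts.password:
        return None
    host = (parts.hostname or "").rstrip(".").lower()
    return host if _HOSTNAME.match(host) else None


def handle_scan(text: str, targets=REGISTERED_TARGETS) -> str:
    """Map the text of '/wasviking scan <url>' to a reply key."""
    words = text.split()
    if len(words) != 2 or words[0] != "scan":
        return "usage"
    host = host_from_argument(words[1])
    if host is None:
        return "url_not_understood"
    if host not in targets:
        return "target_not_registered"  # Slack stays a trigger, not a scanner
    return "scan_started:" + host
```

The allowlist check runs on the parsed hostname, never on the raw text, so a path, a label or userinfo in the argument cannot change which target is matched.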
Limits
- Scans started from Slack are rate limited to five per hour per organization. Scans started from the portal, schedules, or the API are not affected by this limit.
- Each command reply is visible only to the person who ran it. Only the final result message is posted to the channel.
- Results are delivered to the channel the command was run in.
Security and audit
- The connection stores a Slack bot token for your workspace. It is encrypted at rest and never shown after the connection is made.
- Every request from Slack is verified using Slack's request signing before WASViking acts on it, and stale requests are rejected.
- Every /wasviking command is recorded with the Slack user, channel, command text, target, and outcome, so you have an audit trail of what was triggered from Slack and by whom.
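The request-signing check mentioned above follows Slack's published v0 scheme: an HMAC-SHA256 over `v0:<timestamp>:<raw body>`, keyed with the app's signing secret. The sketch below is an added example, not WASViking's own code. The five-minute freshness window is an assumption (the page does not state one), and the secret, timestamp and body are constructed sample values.

```python
import hashlib
import hmac
import time

MAX_AGE_SECONDS = 300  # assumed freshness window; the page does not state one

# Constructed sample values, not real credentials or traffic.
SAMPLE_SECRET = "constructed-signing-secret"
SAMPLE_TIMESTAMP = "1700000000"
SAMPLE_BODY = b"command=%2Fwasviking&text=scan+app.company.com&user_id=U0000000"


def slack_signature(secret: str, timestamp: str, raw_body: bytes) -> str:
    """Compute the X-Slack-Signature value for a raw request body."""
    base = b"v0:" + timestamp.encode() + b":" + raw_body
    return "v0=" + hmac.new(secret.encode(), base, hashlib.sha256).hexdigest()


def verify_slack_request(secret, headers, raw_body, now=None) -> bool:
    """Accept only a fresh request whose signature matches the raw body."""
    now = time.time() if now is None else now
    timestamp = headers.get("X-Slack-Request-Timestamp", "")
    received = headers.get("X-Slack-Signature", "")
    if not (timestamp.isascii() and timestamp.isdigit()):
        return False
    if abs(now - int(timestamp)) > MAX_AGE_SECONDS:
        return False  # stale (or future-dated) request: treat as a replay
    expected = slack_signature(secret, timestamp, raw_body)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode(), received.encode())


def sample_headers() -> dict:
    """Headers as Slack would send them for the constructed sample request."""
    return {
        "X-Slack-Request-Timestamp": SAMPLE_TIMESTAMP,
        "X-Slack-Signature": slack_signature(
            SAMPLE_SECRET, SAMPLE_TIMESTAMP, SAMPLE_BODY
        ),
    }
```

The signature must be checked against the raw request bytes before any form decoding, because re-encoding a parsed body can change the bytes and break the comparison.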
What it does not do
The slash command starts scans and reports results. It does not change finding status, manage targets, or alter configuration from Slack. For inbound automation such as transitioning findings or wiring scans into other systems, use the public REST API or the webhook events.
Disconnect
To remove the integration, go to Settings → System Settings → Slack
and select Disconnect Workspace. The /wasviking command stops
working for the workspace immediately. Reconnect at any time with
Connect to Slack.
