HackerOne + Slack
Connect HackerOne and Slack to Speed Up Vulnerability Response
Get bug bounty alerts and security report updates straight into your team's Slack channels.

Why integrate HackerOne and Slack?
HackerOne is the world's leading bug bounty and vulnerability disclosure platform. Slack is where most security teams actually work. When a critical vulnerability comes in, every minute of delay adds risk — and if your engineers are checking a separate dashboard to find out about it, that's a problem. Connecting HackerOne with Slack through tray.ai replaces manual dashboard monitoring with automated notifications and workflows, so your security engineers, triage teams, and stakeholders hear about issues the moment they land.
Automate & integrate HackerOne & Slack
Use case
Instant Critical Vulnerability Alerts
When a new HackerOne report comes in with a critical or high severity rating, tray.ai posts a detailed alert to your designated security Slack channel automatically. The message includes the report title, severity, affected asset, and a direct link for immediate triage. Your fastest responders are engaged within seconds of a report landing.
Use case
Report Status Change Notifications
As HackerOne reports move through triage — from new to triaged, needs more info, resolved, or closed — tray.ai pushes status updates into Slack threads or dedicated channels. Teams always know where each finding stands without leaving Slack. The constant back-and-forth of status check-ins between security and engineering largely disappears.
Use case
Bounty Award and Hacker Communication Updates
When a bounty is awarded or a hacker comment needs a response, tray.ai sends a Slack notification to program managers so nothing gets missed. Responding to researchers quickly matters for program reputation and hacker engagement — automating these nudges means your team stays on top of it without relying on memory or manual checks.
Use case
Daily or Weekly Vulnerability Program Digests
tray.ai can compile a scheduled digest from HackerOne — covering new submissions, open reports by severity, resolved findings, and total bounties paid — and post it to a Slack channel for leadership and security managers. No more manual reporting. Stakeholders stay informed without attending dedicated status meetings.
Use case
Coordinated Incident Response Threads
When a HackerOne report is escalated to an active incident, tray.ai can automatically create a dedicated Slack channel, invite relevant stakeholders, and post all known report details to kick off a coordinated response. The right people are assembled and informed from the moment an incident is declared — no scrambling to share context across scattered messages.
Use case
New Program Scope or Policy Change Announcements
When your HackerOne program scope changes — new assets added, rules of engagement updated, or a program moving from private to public — tray.ai broadcasts those changes to relevant internal Slack channels automatically. Keeping engineering, legal, and security aligned on scope prevents unauthorized testing and compliance gaps. Automated announcements mean critical policy updates don't get buried.
Use case
SLA Breach Warnings for Open Reports
tray.ai monitors HackerOne reports against your internal SLA thresholds and sends Slack warnings to triage leads when a report is approaching or has passed its response deadline. Security managers can step in before a report becomes a public-facing complaint, protecting your program's reputation and hacker trust scores.
HackerOne & Slack Challenges
What challenges come up when working with HackerOne & Slack, and how does tray.ai help?
Challenge
High Volume of Reports Creating Slack Noise
Active bug bounty programs can receive dozens of submissions a day, and forwarding every HackerOne report to Slack will bury channels in low-signal notifications, causing alert fatigue and training teams to ignore them.
How Tray.ai Can Help:
tray.ai's workflow logic lets teams apply conditional filters — routing only critical and high-severity reports to urgent channels, medium reports to a triage queue channel, and informational submissions to a low-priority digest. Slack notifications stay actionable rather than becoming background noise.
Challenge
Keeping Slack Messages in Sync with Evolving Report Status
HackerOne reports change state frequently as they move through triage, and a static Slack notification goes stale fast, leaving team members acting on outdated information.
How Tray.ai Can Help:
tray.ai stores the Slack message timestamp of each original alert, looked up by report ID, and uses it to post a threaded reply whenever that HackerOne report changes status. All updates stay organized under the original alert without cluttering the main channel.
Challenge
Routing Notifications to the Right Teams and Channels
Large organizations have multiple teams — AppSec, InfraSec, DevOps, Legal, and Executive — who each need different levels of detail about HackerOne reports. A single generic Slack notification doesn't serve any of them well.
How Tray.ai Can Help:
tray.ai's branching and routing logic inspects report metadata like affected asset type, severity, and program to determine which Slack channels and user groups receive each notification, so the right message reaches the right audience without manual intervention.
Challenge
Authenticating and Maintaining Secure API Connections
Connecting HackerOne's API with Slack means managing OAuth tokens, API credentials, and webhook configurations — and keeping those connections healthy as credentials rotate or programs change is real operational overhead.
How Tray.ai Can Help:
tray.ai's enterprise connector management handles secure credential storage, token refresh, and connection health monitoring for both HackerOne and Slack, so teams can focus on building workflows rather than babysitting authentication infrastructure.
Challenge
Handling Duplicate or Retracted Report Notifications
HackerOne reports can be marked as duplicate, retracted, or spam after initial submission. Without deduplication logic, Slack channels fill with notifications about reports that ultimately need no action.
How Tray.ai Can Help:
tray.ai workflows can detect when a report transitions to a closed, duplicate, or spam state and either suppress follow-up notifications or post a clear resolution update, keeping channels clean and reducing unnecessary investigation effort.
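The severity routing, threaded status updates, and duplicate/spam suppression described in the challenges above can be sketched as one small state machine. This is an added example, not tray.ai's, HackerOne's, or Slack's code; the event fields, state names, channel names, and the in-memory `_post` stand-in for a Slack call are all constructed assumptions.

```python
# Added example. Field, state and channel names are constructed assumptions,
# not HackerOne's or Slack's real schemas.
CHANNEL_BY_SEVERITY = {"critical": "#sec-urgent", "high": "#sec-urgent",
                       "medium": "#sec-triage"}      # anything else -> digest
NO_ACTION_STATES = {"duplicate", "spam", "retracted"}


class ReportNotifier:
    def __init__(self):
        self.sent = []        # messages "posted" (stand-in for the Slack API)
        self.digest = []      # low-priority report IDs held for the digest
        self.threads = {}     # report id -> (channel, ts of original alert)
        self.last_state = {}  # report id -> last state processed
        self.closed = set()   # reports already closed out as no-action

    def _post(self, channel, text, thread_ts=None):
        ts = f"1700000000.{len(self.sent) + 1:06d}"   # fake message timestamp
        self.sent.append({"channel": channel, "text": text,
                          "thread_ts": thread_ts, "ts": ts})
        return ts

    def handle(self, event):
        """Process one report event; return the posted message dict or None."""
        rid, state = event["id"], event["state"]
        if rid in self.closed or self.last_state.get(rid) == state:
            return None                      # closed out, or a replayed event
        self.last_state[rid] = state
        if rid in self.threads:              # already alerted: reply in thread
            channel, parent_ts = self.threads[rid]
            if state in NO_ACTION_STATES:
                self.closed.add(rid)         # one resolution note, then silence
                text = f"Report {rid} closed as {state}; no action needed."
            else:
                text = f"Report {rid} is now {state}."
            self._post(channel, text, thread_ts=parent_ts)
            return self.sent[-1]
        if state in NO_ACTION_STATES:        # never alerted: stay silent
            self.closed.add(rid)
            return None
        channel = CHANNEL_BY_SEVERITY.get(event.get("severity"))
        if channel is None:                  # low / informational: digest only
            if rid not in self.digest:
                self.digest.append(rid)
            return None
        ts = self._post(channel, f"[{event['severity']}] {event['title']} ({rid})")
        self.threads[rid] = (channel, ts)
        return self.sent[-1]
```

Tracking the last processed state per report is what makes the handler safe against replayed webhooks or overlapping polls, which would otherwise produce duplicate alerts.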
Start using our pre-built HackerOne & Slack templates today
Start from scratch or use one of our pre-built HackerOne & Slack templates to quickly solve your most common use cases.
HackerOne & Slack Templates
Find pre-built HackerOne & Slack solutions for common use cases
Template
New HackerOne Report to Slack Channel Alert
Automatically posts a formatted Slack message to a security channel whenever a new report is submitted to HackerOne, including severity, affected asset, report summary, and a direct link to the report.
Steps:
- Trigger when a new report is created in HackerOne via webhook or polling
- Extract report details including title, severity, asset, and reporter handle
- Post a richly formatted Slack message to the designated security channel
Connectors Used: HackerOne, Slack
Template
Critical and High Severity HackerOne Reports to Slack with On-Call Mention
Filters incoming HackerOne reports by severity and sends an urgent Slack alert with an @mention of the on-call security engineer for all critical and high-severity findings.
Steps:
- Trigger on new HackerOne report submission
- Check severity level and filter for critical or high ratings only
- Post a Slack alert to the incident channel with @oncall mention and report details
Connectors Used: HackerOne, Slack
Template
HackerOne Report Status Updates to Slack Thread
Tracks HackerOne report lifecycle changes and automatically posts status updates into a Slack thread tied to the original report alert, keeping all communication in one place.
Steps:
- Trigger when a HackerOne report status is updated
- Look up the corresponding original Slack message timestamp using the report ID
- Post a threaded reply in Slack with the new status, timestamp, and any triage notes
Connectors Used: HackerOne, Slack
Template
Weekly HackerOne Program Summary Digest to Slack
Runs on a schedule to query HackerOne for the week's report activity and posts a structured digest to a Slack channel, covering new submissions, resolutions, average severity, and bounties paid.
Steps:
- Trigger on a weekly schedule using tray.ai's time-based trigger
- Query HackerOne API for reports submitted, resolved, and bounties awarded in the past 7 days
- Format and post a structured summary message to the security or leadership Slack channel
Connectors Used: HackerOne, Slack
Template
HackerOne SLA Breach Monitor with Slack Escalation
Periodically checks all open HackerOne reports for SLA compliance and sends Slack notifications to triage leads when reports are nearing or past their response deadlines.
Steps:
- Trigger on a recurring schedule to poll open HackerOne reports
- Calculate time elapsed since report submission and compare against SLA thresholds
- Send a Slack alert to the triage lead channel listing at-risk or breached reports
Connectors Used: HackerOne, Slack
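The elapsed-time comparison in the SLA template's second step, as an added example that is not tray.ai's code. The per-severity thresholds, the 75% warning point, and the report field names (`id`, `severity`, `submitted_at`) are hypothetical and should be replaced with your own policy and data.

```python
from datetime import datetime, timedelta, timezone

# Hypothetical first-response SLA per severity; set these from your own policy.
SLA_HOURS = {"critical": 4, "high": 24, "medium": 72, "low": 120}
WARN_FRACTION = 0.75   # flag a report once 75% of its window has elapsed


def sla_status(report, now):
    """Return (status, hours_remaining) for one open report."""
    submitted = datetime.fromisoformat(report["submitted_at"])
    if submitted.tzinfo is None:
        # Assumption: naive timestamps are UTC. Mixing naive and aware
        # datetimes would otherwise raise TypeError on subtraction.
        submitted = submitted.replace(tzinfo=timezone.utc)
    limit = timedelta(hours=SLA_HOURS.get(report["severity"], SLA_HOURS["low"]))
    elapsed = now - submitted
    remaining = (limit - elapsed).total_seconds() / 3600
    if elapsed >= limit:
        return "breached", remaining
    if elapsed >= limit * WARN_FRACTION:
        return "at_risk", remaining
    return "ok", remaining


def sla_alert_lines(reports, now):
    """Build alert lines for at-risk or breached reports, most overdue first."""
    flagged = []
    for r in reports:
        status, remaining = sla_status(r, now)
        if status != "ok":
            line = f"{status.upper()} {r['id']} [{r['severity']}] {remaining:+.1f}h"
            flagged.append((remaining, line))
    return [line for _, line in sorted(flagged)]


# Constructed sample data, not real reports.
SAMPLE_NOW = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)
SAMPLE_REPORTS = [
    {"id": "R2", "severity": "high", "submitted_at": "2024-01-09T16:00:00+00:00"},
    {"id": "R3", "severity": "medium", "submitted_at": "2024-01-10T00:00:00"},
    {"id": "R1", "severity": "critical", "submitted_at": "2024-01-10T07:00:00+00:00"},
]
```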
Template
HackerOne Incident Escalation to Dedicated Slack Channel
When a HackerOne report is marked as a confirmed high-impact incident, tray.ai automatically creates a dedicated Slack channel, invites relevant stakeholders, and populates it with all known report details to start a coordinated response.
Steps:
- Trigger when a HackerOne report severity is escalated to critical or marked as an incident
- Create a new Slack channel named after the report ID and invite security, engineering, and management members
- Post the full report context, asset details, and recommended immediate actions to the new channel
Connectors Used: HackerOne, Slack