Skip to main content

Security Hub Slack Notifications

Introduction

Each AWS account under the Modernisation Platform (MP) Organizational Unit (OU) has Security Hub enabled, and all findings are centralised into the eu-west-2 region.

To receive the Security Hub severity summary in Slack, you need to:

  • Add the Slack channel name as a tag in the <application>.json file in modernisation-platform repository
  • Store the Slack webhook URL as a secret via the workflow

Steps

Add Security Hub Slack Channel Tag to <application>.json

In the <application>.json file, add or update the securityhub-slack-channel tag under tags

You can find your <application>.json file in the modernisation-platform repository under the environments/ folder.

Example

"tags": {
  "application": "modernisation-platform",
  "business-unit": "Platforms",
  "securityhub-slack-channel": "modernisation-platform",
  "critical-national-infrastructure": false
}

Trigger the Slack Webhook Workflow

After committing the updated JSON file, merge the PR. Then, manually trigger the GitHub Actions workflow to add or update the Slack webhook URL.

Run the Update Securityhub Slack Secret Workflow

Click on “Run workflow” and provide the following inputs:

  • Application name: the name of your application (e.g., modernisation-platform)
  • Slack webhook URL: the full Slack webhook URL (e.g., <slack webhook url>)

Once the workflow completes successfully, you will see the confirmation message:

Slack channel <slack channel name> webhook added/updated in secret

Daily Notification Job

A scheduled GitHub Actions job runs daily to send a summary of Security Hub severity findings to the Slack channel you specified in the tag.

The summary includes counts of findings by severity (e.g., Critical, High, Medium, Low) of the particular account

You can see an example of the summary results here.

If you do not receive a daily message, please raise an issue in #ask-modernisation-platform.

This page was last reviewed on 9 July 2025. It needs to be reviewed again on 9 January 2026 by the page owner #modernisation-platform .