ModernPentestModernPentest
Guides

Integrations

Connect ModernPentest with Slack, Jira, GitHub Actions, and more

Integrations

Connect ModernPentest with your existing tools and workflows for seamless security operations.

Available Integrations

Communication

  • Slack - Real-time notifications and alerts
  • Microsoft Teams - Team notifications
  • Email - Digests and alerts

Issue Tracking

  • Jira - Create and sync issues
  • Linear - Modern issue tracking
  • GitHub Issues - Repository-based tracking

CI/CD Pipelines

  • GitHub Actions - Workflow integration
  • GitLab CI - Pipeline integration
  • Jenkins - Build automation
  • CircleCI - Continuous integration

Alerting

  • PagerDuty - On-call escalation
  • Opsgenie - Incident management
  • Webhooks - Custom integrations

Slack Integration

Get real-time security alerts in your team's Slack workspace.

Setup

  1. Go to Settings > Integrations
  2. Click Connect Slack
  3. Authorize ModernPentest in your workspace
  4. Select channels for different alert types

Screenshot: Slack integration setup

Alert Types

Configure which events trigger Slack notifications:

EventDefault Channel
Critical vulnerability found#security-alerts
Pentest completed#security
Weekly summary#security

Example Alert

🔴 Critical Vulnerability Detected

SQL Injection in /api/users
Application: Production API
Severity: Critical (CVSS 9.8)

→ View Details | Mark as False Positive | Snooze

Jira Integration

Automatically create Jira issues for vulnerabilities and track remediation.

Setup

  1. Go to Settings > Integrations
  2. Click Connect Jira
  3. Enter your Jira instance URL (e.g., yourcompany.atlassian.net)
  4. Authenticate with your API token
  5. Map projects and issue types

Screenshot: Jira integration setup

Features

  • Auto-create issues - New findings automatically create Jira tickets
  • Bidirectional sync - Status changes sync both ways
  • Rich details - Issues include full vulnerability information
  • Link to reports - Direct links to ModernPentest findings

Field Mapping

ModernPentestJira Field
TitleSummary
DescriptionDescription
SeverityPriority
CategoryLabels
ApplicationComponent
EvidenceAttachment

Configuration Options

  • Auto-create threshold - Only create issues for Critical/High severity
  • Project mapping - Route issues to different projects by application
  • Assignee rules - Auto-assign based on application or severity

CI/CD Integration

Block deployments when critical vulnerabilities are found.

GitHub Actions

name: Security Pentest
on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

jobs:
  security-pentest:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Run ModernPentest
        uses: modernpentest/pentest-action@v1
        with:
          api-key: ${{ secrets.MODERNPENTEST_API_KEY }}
          target: ${{ secrets.STAGING_URL }}
          pentest-type: quick
          fail-on: critical,high

Parameters:

  • api-key - Your ModernPentest API key (store as secret)
  • target - URL to test (typically staging environment)
  • pentest-type - quick, standard, or deep
  • fail-on - Severity levels that fail the build

GitLab CI

security-pentest:
  stage: test
  image: modernpentest/cli:latest
  script:
    - modernpentest run
      --api-key $MODERNPENTEST_API_KEY
      --target $CI_ENVIRONMENT_URL
      --type quick
      --fail-on critical,high
  only:
    - merge_requests
    - main
  artifacts:
    reports:
      junit: security-report.xml

Best Practices

  1. Use quick pentests in CI - Fast feedback without blocking deploys
  2. Test staging first - Catch issues before production
  3. Store API keys securely - Use CI/CD secrets
  4. Set appropriate thresholds - Balance security with velocity

Webhooks

Send pentest results to any endpoint for custom integrations.

Configuration

{
  "url": "https://your-server.com/webhook",
  "events": ["pentest.completed", "vulnerability.found"],
  "headers": {
    "Authorization": "Bearer your-token"
  }
}

Available Events

EventDescription
pentest.startedPentest has begun
pentest.completedPentest finished
vulnerability.foundNew vulnerability detected
vulnerability.fixedVulnerability marked as fixed

Payload Example

{
  "event": "vulnerability.found",
  "timestamp": "2025-01-15T10:30:00Z",
  "data": {
    "id": "vuln_abc123",
    "title": "SQL Injection",
    "severity": "critical",
    "cvss": 9.8,
    "application": {
      "id": "app_xyz789",
      "name": "Production API",
      "url": "https://api.example.com"
    },
    "location": {
      "url": "/api/users",
      "parameter": "id",
      "method": "GET"
    }
  }
}

Webhook Security

Verify webhook authenticity using the signature header:

const crypto = require('crypto');

function verifyWebhook(payload, signature, secret) {
  const expected = crypto
    .createHmac('sha256', secret)
    .update(payload)
    .digest('hex');
  return crypto.timingSafeEqual(
    Buffer.from(signature),
    Buffer.from(`sha256=${expected}`)
  );
}

API Access

For full programmatic control, use our REST API:

  • Trigger pentests programmatically
  • Retrieve findings and reports
  • Manage applications
  • Configure settings

See API Reference for complete documentation.

Next Steps

Last updated: December 8, 2025

On this page

IntegrationsAvailable IntegrationsCommunicationIssue TrackingCI/CD PipelinesAlertingSlack IntegrationSetupAlert TypesExample AlertJira IntegrationSetupFeaturesField MappingConfiguration OptionsCI/CD IntegrationGitHub ActionsGitLab CIBest PracticesWebhooksConfigurationAvailable EventsPayload ExampleWebhook SecurityAPI AccessNext Steps