Channel configuration
Channels live in Settings -> Notifications. Each channel has a name, a type-specific config, and a list of subscribed events. Sensitive fields (webhook URLs, integration keys, signing secrets) are stored encrypted at rest and masked everywhere except the moment of entry.
Live test delivery is currently webhook-only. Generic webhook channels expose a Test button that sends a synthetic event through the same delivery path as production traffic (including signature generation). For email, Slack, Teams, PagerDuty, and OpsGenie channels, validate by subscribing the channel to a low-severity event in a test rule and triggering it (e.g. dispatch a scan against a known-vulnerable image). Live "Test" buttons for these channels are on the roadmap.
Email notifications go to a recipient list you specify per channel. There is no per-user opt-in; whoever you list receives every event the channel is subscribed to.
- Add channel -> Email.
- Recipients: comma-separated email addresses.
- Subscribe to events; severity and digest mode are configured per rule.
- Verify by triggering a subscribed event (live Test button is webhook-only — see callout above).
Subject lines are formatted as [HarborGuard] <Event title>. The body is HTML with a deep link to the dashboard.
Slack
- In Slack: Apps -> Incoming Webhooks -> Add to workspace, choose the destination channel, copy the webhook URL.
- In HarborGuard: Add channel -> Slack, paste the URL.
- Verify by triggering a subscribed event (live Test button is webhook-only).
Severity is shown as the attachment color: red for CRITICAL, orange for HIGH, yellow for warnings, green for info. The attachment title is a clickable deep link to the affected resource.
Microsoft Teams
- In Teams: open the target channel, More options -> Connectors -> Incoming Webhook -> Configure, give it a name, copy the URL.
- In HarborGuard: Add channel -> Microsoft Teams, paste the URL.
- Verify by triggering a subscribed event (live Test button is webhook-only).
Teams renders the same color-coded card as Slack.
PagerDuty
PagerDuty channels page on-call when something breaks. They automatically drop anything below HIGH severity.
- In PagerDuty: Services -> + Add -> Generic (or pick an existing service) -> Integrations -> Events API v2.
- Copy the Integration Key (32 lowercase hex chars).
- In HarborGuard: Add channel -> PagerDuty, paste the integration key.
- Verify by triggering a subscribed
CRITICALorHIGHevent (live Test button is webhook-only); resolve the resulting incident manually.
CRITICAL events trigger a critical PagerDuty incident; HIGH events trigger error. The incident summary follows the format <Event title>: <message>, with component: harborguard-scanner and group: container-security.
OpsGenie
- In OpsGenie: Teams -> [your team] -> Integrations -> Add integration -> API.
- Copy the API key. Note your region —
https://api.opsgenie.comfor US,https://api.eu.opsgenie.comfor EU. - In HarborGuard: Add channel -> OpsGenie, paste the API key and select the region.
- Verify by triggering a subscribed event (live Test button is webhook-only).
Generic webhook
The most flexible channel — HarborGuard POSTs a JSON payload to a URL you control. Use this to bridge to ChatOps platforms not listed above, internal SIEMs, or custom workflows.
- Add channel -> Webhook.
- URL: any HTTPS endpoint you control. Plain HTTP is rejected.
- Signing secret: optional but strongly recommended. If set, every request includes an
X-HarborGuard-Signatureheader containing the HMAC-SHA256 of the body. - Subscribe to events.
- Click Test.
The payload schema, headers, retry behavior, and verification code live in Webhooks.
Editing and deleting channels
Editing a channel updates its config in place. The next event uses the new settings. Deleting a channel removes it entirely; in-flight deliveries complete first. There is no soft-delete; if you need to disable a channel temporarily, unsubscribe it from all events instead.