Originally posted at https://tech.labs.oliverwyman.com/blog/2019/05/24/vellere/
So I made Vellere, a tool for browsing the security vulnerabilities in your repositories, with the option to send notifications to Slack. Given you’ve probably got (we certainly do) at least one Slack channel for each active project, telling Vellere about the project channel means that everyone gets told ASAP when new vulnerabilities turn up. It uses a combination of the GitHub GraphQL API for periodic polling, plus webhooks to be notified at the time of vulnerability discovery. It also keeps track of resolved vulnerabilities. Given that the GitHub UI has a tendency to just delete them once they’ve been resolved, it is helpful to know they weren’t just some sort of weird software mirage.
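The poll-plus-webhook bookkeeping described above, sketched as an added example (not Vellere's own code). The `AlertStore` class, its field names, the message format and the sample alerts are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample alerts; the advisory ids are placeholders, not real advisories.
A1 = {"package": "examplelib", "advisory": "ADVISORY-PLACEHOLDER-1", "severity": "HIGH"}
A2 = {"package": "otherlib", "advisory": "ADVISORY-PLACEHOLDER-2", "severity": "LOW"}


def _key(repo, alert):
    return (repo, alert["package"], alert["advisory"])


def _msg(state, repo, alert):
    return f"{state} {repo}: {alert['package']} {alert['advisory']} ({alert['severity']})"


@dataclass
class AlertStore:
    """Hypothetical store: open alerts plus a history of resolved ones."""
    open_alerts: dict = field(default_factory=dict)
    resolved: dict = field(default_factory=dict)

    def on_webhook(self, repo, alert):
        """One alert pushed at discovery time; returns messages for Slack."""
        key = _key(repo, alert)
        if key in self.open_alerts:      # already announced, stay quiet
            return []
        self.resolved.pop(key, None)     # a resolved alert that comes back is open again
        self.open_alerts[key] = alert
        return [_msg("NEW", repo, alert)]

    def reconcile(self, repo, polled):
        """Full list for one repo from a periodic poll; returns messages for Slack."""
        messages = []
        for alert in polled:             # catches anything a webhook missed
            messages += self.on_webhook(repo, alert)
        current = {_key(repo, a) for a in polled}
        gone = [k for k in self.open_alerts if k[0] == repo and k not in current]
        for key in gone:                 # vanished upstream: record it, do not drop it
            alert = self.open_alerts.pop(key)
            self.resolved[key] = alert
            messages.append(_msg("RESOLVED", repo, alert))
        return messages


def demo():
    store = AlertStore()
    out = store.on_webhook("org/app", A1)        # webhook arrives first
    out += store.reconcile("org/app", [A1, A2])  # poll: A1 known, A2 is new
    out += store.reconcile("org/app", [A2])      # poll: A1 no longer listed
    return store, out


if __name__ == "__main__":
    print("\n".join(demo()[1]))
```

A poll that fails or returns a partial list should be skipped rather than passed to `reconcile`, otherwise every open alert for that repository would be announced as resolved.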