Notifications & Alerts

Stay informed about scan results and security events across your repositories. Ossprey can notify you when scans complete, when malicious packages are detected, and when action is required.


Notification channels

GitHub PR checks

When the Ossprey CLI is run with --github-comments in a GitHub Actions workflow triggered by a pull request, scan results are posted as inline PR review comments highlighting malicious packages, plus a summary comment on the PR thread.

Email alerts

Have notifications delivered directly to your inbox or team distribution list, with customisable frequency.

Slack integration (coming soon)

Post alerts directly to your Slack workspace channels or direct messages, with rich formatting including scan details.

Webhook integration (coming soon)

Send alerts to any system via HTTP webhooks — SIEM systems, ticketing systems, or automation platforms.


Alert types

  • Malicious package detected — immediate notification when a malicious package is found in any scan
  • Scan complete — optional notification when scans finish, with a summary of results
  • Scan failed — notification if a scan fails to complete, so you can investigate and retry


Managing notification preferences

Granular notification preferences — including severity filtering, asset-level filtering, and quiet hours — are currently in development. For now, you can control notifications through the --github-comments CLI flag and by checking the dashboard regularly.


What's available today

While additional notification channels are in development, you can:
  • Check the dashboard regularly — the home page shows your malware count; if it increases, investigate immediately
  • Use the CLI in CI/CD — the CLI exits with code 1 when malware is found, which will fail your pipeline and alert you
  • Use the --github-comments flag — get PR-level feedback directly in your pull requests
  • Export SBOM results — use the --output flag to save scan results as JSON for integration with your own monitoring


Feedback welcome

We're actively developing alerting features. If you have specific needs or suggestions, let us know which integrations are most important to you — contact us at support@ossprey.com.