# Notification Targets

When Shisho Cloud detects a policy violation, you can view it on the [Shisho Cloud dashboard](/docs/g/concepts/dashboard.md) and send notifications to external services.

## Notifications from Shisho Cloud to External Services

All notifications are managed through workflows.

![](/docs/_md-assets/45d0c0b173-how-workflows-work.png)

Specifically, the **`notify` block** within a workflow's job controls notifications.

For example, the following manifest defines a workflow that sends notifications to the [notification group](/docs/g/concepts/notification-group.md) with the ID `NGFOO`:

```yaml
jobs:
  - name: check-with-foobar
    id: check-with-foobar
    decide:
      # ...
    notify:
      rego: |
        import data.shisho

        notifications[n] {
          n := shisho.notification.to_group(
            "NGFOO",
            "test"
          )
        }
```

## Notification Targets

Shisho Cloud can send notifications to entities called **notification targets**.

### Supported Notification Targets

Shisho Cloud currently supports the following notification targets:

- Slack channels
- Comments on GitHub Issues and Pull Requests
- Email addresses

:::caution
You might need to configure additional settings depending on the notification target. For more information, see the next section.
:::

## Configuring Notification Target Settings

You might need to configure additional settings to receive notifications depending on the notification target type.

### Configuring Slack Notifications

To receive notifications on a Slack channel, complete the [Slack workspace integration process](/docs/g/getting-started/integrate-apps/slack.md) and add the **Shisho Cloud** Slack app to the Slack channel:

:::info
You must perform this configuration **on the Slack side**.
:::

1. Right-click the Slack channel where you want to receive notifications, and select "View Channel Details."

   ![](/docs/_md-assets/fc0ed1590c-notification-slack-1.png)

2. Select the **Integrations** tab, and then select **Add an App**.

   ![](/docs/_md-assets/07b2c9b9d0-notification-slack-2.png)

3. Search for the Shisho Cloud app, and then select **Add** to invite it to your Slack channel.

   ![](/docs/_md-assets/171bed6772-notification-slack-3.png)

:::warning
If the Shisho Cloud app doesn't appear, Shisho Cloud might not be integrated with your Slack workspace. Complete the [Slack workspace integration process](/docs/g/getting-started/integrate-apps/slack.md).
:::

:::warning
If you can't find the menu items described in these steps, Slack might have updated its user interface or your Slack workspace owner (administrator) might have restricted access. If you can't integrate Shisho Cloud and your Slack workspace, contact [Flatt Security](https://flatt.tech/security).
:::

#### Sending a Test Message to a Slack Channel

To verify that the settings are correct before using the notification feature in a workflow, send a test message to the Slack channel by selecting **Send test message**:

![](/docs/_md-assets/4cb1d01404-notification-test-message-1-ja.png)

If the settings are correct, the following test message appears in your Slack channel:

![](/docs/_md-assets/fce3a13187-notification-test-message-on-slack.png)

If the message doesn't appear, the [Slack workspace integration](/docs/g/getting-started/integrate-apps/slack.md) process might not be complete or the **Shisho Cloud** Slack app might not be added to the Slack channel. If you still can't receive the test message, contact [Flatt Security](https://flatt.tech/security).

### Configuring Email Notifications

Shisho Cloud prevents notifications to email addresses that aren't associated with users in your organization. Therefore, adding those email addresses to a [notification group](/docs/g/concepts/notification-group.md) or [policy](/docs/g/concepts/notification.md) **doesn't send notifications**. To send notifications to those addresses, add them to the "**Mail Sending Permission List**".

:::info
Notifications to the email addresses of users in your organization (the email addresses used to register with Shisho Cloud) are implicitly allowed and don't need to be added to the Mail Sending Permission List.
:::

To manage the Mail Sending Permission List, select **Settings** (:gear:) > **Mail Sending Permission List**.

![Mail Sending Permission List Management Screen](/docs/_md-assets/f7316a475c-notification-email-allowlist-empty-ja.png)

To add an email address to the Mail Sending Permission List, follow these steps:

1. Select **Add Email Address**. A modal appears.
2. Enter the email address in the modal, and then select **Add**.

   If the email address is added successfully, it appears in the list. However, Shisho Cloud sends a confirmation email to the address to verify its validity. You must verify the email address before it can receive notifications.

   ![](/docs/_md-assets/44d7012ba3-notification-email-allowlist-unconfirmed-ja.png)

   The confirmation email is valid for **24 hours**. If you don't verify the email address within 24 hours, the status changes and the message updates.

   ![](/docs/_md-assets/6f257b70e8-notification-email-allowlist-expired-ja.png)

   To resend the confirmation email, select **Resend Confirmation Email**. You can resend the confirmation email before it expires, but only the link in the most recent email is valid. If you select a link in an older email, you'll receive an error.

   ![](/docs/_md-assets/a94354468a-notification-email-allowlist-resend-ja.png)

   After you verify the email address, the **Status** column is empty. The email address can now receive notifications.

   ![](/docs/_md-assets/fe498f1999-notification-email-allowlist-accepted-ja.png)

:::info
To prevent data leaks, remove unused email addresses from the Mail Sending Permission List. To remove an email address, select **Delete** next to the email address. When you delete an email address, a confirmation email isn't sent. To delete multiple email addresses, select the checkbox next to each address, and then select **Delete**.
:::

:::note
If email notifications aren't sent after you configure the Mail Sending Permission List, check your spam folder. If the email notifications aren't in your spam folder, contact [Flatt Security](https://flatt.tech/security).
:::

## (Advanced) Using Notification Targets from a Policy

To send notifications to supported notification targets, pass the [Notification](/docs/g/api/objects/notification.md) object from the policy code to Shisho Cloud according to the API between Shisho Cloud and the policy code (for example, [API for Inline Rego Policies](/docs/g/api/rego.md)).

:::info
Use the functions under [`shisho.notification`](https://github.com/flatt-security/shisho-cloud-rego-libraries/blob/main/notification/notification.rego) in the Rego SDK.

For example:

```rego
import data.shisho

# Send the string "test" as a comment to the specified GitHub Issue
import data.shisho

notifications[n] {
  n := shisho.notification.to_github_issue(
    "org-name",
    "repository-name",
    123456, # issue ID
    "test", # message
  )
}
```

:::

:::info
If the notification feature doesn't work correctly, see the "Workflows" section in the [frequently asked questions](/docs/g/faq/notifications/workflows.md).
:::