SDLC Slackbot decides if a project merits a security review.
You will need:
- A Slack application (aka your sdlc bot) with Socket Mode enabled
- OpenAI API key
Generate an App-level token for your Slack app by going to:
Your Slack App > Basic Information > App-Level Tokens > Generate Token and Scopes
Create a new token with connections:write scope. This is your SOCKET_APP_TOKEN token.
Once you have them, from the current directory, run:
$ make init-env-file
and fill in the right values.
Your Slack App needs the following scopes:
- app_mentions:read
- channels:join
- channels:read
- channels:history
- chat:write
- groups:history
- groups:read
- groups:write
- usergroups:read
- users:read
- users:read.email
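A pre-flight check for the two credentials set up above, as an added example that is not part of the project's code. It assumes you pass in the comma-separated scope string Slack reports for the bot token (the `x-oauth-scopes` response header on Web API calls) and the value you stored as SOCKET_APP_TOKEN; the names `parse_scopes` and `audit` are hypothetical and the sample values are constructed.

```python
"""Pre-flight audit of Slack credentials for the bot (added example)."""

# Bot token scopes listed in this README.
REQUIRED_BOT_SCOPES = frozenset({
    "app_mentions:read", "channels:join", "channels:read", "channels:history",
    "chat:write", "groups:history", "groups:read", "groups:write",
    "usergroups:read", "users:read", "users:read.email",
})


def parse_scopes(header_value):
    """Split a comma-separated scope string such as Slack's x-oauth-scopes header."""
    return {s.strip() for s in header_value.split(",") if s.strip()}


def audit(granted_header, socket_app_token):
    """Return a dict of findings; empty lists mean the check passed."""
    granted = parse_scopes(granted_header)
    findings = {
        # Missing scopes break the bot at runtime.
        "missing": sorted(REQUIRED_BOT_SCOPES - granted),
        # Extra scopes widen what a leaked token can do (least privilege).
        "excess": sorted(granted - REQUIRED_BOT_SCOPES),
        "token": [],
    }
    # App-level tokens (used for Socket Mode) start with "xapp-";
    # bot tokens start with "xoxb-". Swapping them is a common setup mistake.
    if socket_app_token.startswith("xoxb-"):
        findings["token"].append("SOCKET_APP_TOKEN holds a bot token, not an app-level token")
    elif not socket_app_token.startswith("xapp-"):
        findings["token"].append("SOCKET_APP_TOKEN does not look like an app-level token")
    return findings


if __name__ == "__main__":
    # Constructed sample: one required scope absent, one unneeded scope granted.
    sample_header = ",".join(sorted(REQUIRED_BOT_SCOPES - {"groups:write"})) + ",files:write"
    report = audit(sample_header, "xoxb-constructed-not-a-real-token")
    for kind, items in report.items():
        print(kind, items or "ok")
```
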
From the current directory, run:
make init-pyproject
From the repo root, run:
make clean-venv
source venv/bin/activate
make build-bot BOT=sdlc-slackbot
The example configuration is config.toml. Replace the configuration values as needed.
You need to at least replace the openai_organization_id and notification_channel_id.
For optional Google Docs integration you'll need a 'credentials.json' file:
- Go to the Google Cloud Console.
- Select your project.
- Navigate to "APIs & Services" > "Credentials".
- Under "OAuth 2.0 Client IDs", find your client ID and download the JSON file.
- Save it in the sdlc-slackbot/sdlc_slackbot directory as credentials.json.
From the repo root, run:
make run-bot BOT=sdlc-slackbot