Accessing Integration Settings
- Navigate to your project in the Credible Layer dashboard
- Go to Settings in the navigation bar
- Select Slack or PagerDuty from the “Integrations” section
Adding Notification Integration
Slack Integration
The Slack integration sends formatted incident notifications to a channel of your choice using Slack’s Incoming Webhooks.1
Create a Slack App
- In the Credible Layer Settings page, click Create a Slack App
- This opens Slack’s app creation page with a pre-filled manifest. No manual configuration needed
- Select the workspace where you want to receive notifications
- Click Create
2
Enable Incoming Webhooks
- In your newly created Slack app, go to Features → Incoming Webhooks
- Toggle Activate Incoming Webhooks to On
- Click Add New Webhook to Workspace
- Select the channel where you want incident notifications
- Click Allow
3
Copy the Webhook URL
After authorizing, you’ll see your new webhook URL:Copy this URL.
4
Configure in Credible Layer
- Return to Credible Layer Settings → Slack tab
- Paste your webhook URL in the input field
- Click Save
5
Test the Integration
- After saving, click Send Test Notification
- Verify the message arrives in your selected Slack channel
PagerDuty Integration
The PagerDuty integration creates incidents in PagerDuty when assertion violations occur, using the Events API v2.1
Create a PagerDuty Service Integration
- In PagerDuty, navigate to Services → Service Directory
- Select an existing service or create a new one
- Go to the Integrations tab
- Click Add Integration
- Search for and select Events API v2
- Click Add
2
Get the Integration Key
After adding the integration, you’ll see the Integration Key (also called Routing Key). This is a 32-character alphanumeric string. Copy this key.
3
Configure in Credible Layer
- Go to Credible Layer Settings → PagerDuty tab
- Paste your 32-character routing key in the input field
- Click Save
4
Test the Integration
- After saving, click Send Test Notification
- Verify the incident appears in your PagerDuty service
What Gets Notified
Both integrations send notifications when assertion incidents occur. Notifications include:- Project name and affected contract
- Network/chain information
- Transaction details (hash, block number)
- Assertion violation reason
- Direct link to view the incident in the dashboard
How Incidents Are Grouped
You receive one notification per incident, not per transaction. An incident is defined as an assertion being invalidated within a one-hour time window. If an attacker crafts multiple transactions that all violate the same assertion, these are grouped into a single incident since they represent the same logical attack. After one hour without violations, a new invalidation creates a new incident. This prevents notification spam while ensuring you’re alerted to distinct security events. See Incidents for more details.This grouping logic is our initial approach and may be refined based on user feedback.
Managing Integrations
Updating a Webhook or Key
Paste a new URL or key and click Save. The old configuration is replaced.Removing an Integration
- Scroll to the bottom of the integration card
- Click Remove Integration
- Confirm the removal
Removing an integration stops all notifications but does not delete historical data. You can reconfigure at any time.
Troubleshooting
| Issue | Solution |
|---|---|
| Slack webhook URL rejected | Ensure the URL starts with https://hooks.slack.com/services/ |
| PagerDuty key rejected | Verify the key is exactly 32 alphanumeric characters |
| Test notification not received | Check that the integration is correctly configured in Slack/PagerDuty |
| No notifications on incidents | Verify the integration shows as “configured” in Settings |
Security
- Webhook URLs and routing keys are stored securely and never displayed in full after saving
- Only project managers can configure integrations
- Test notifications are rate-limited to prevent abuse