Alerts and monitoring¶
Alerts inform operators when new CVE rows appear after a watch tick or scan. They do not replace SIEM or pager systems but provide immediate UI feedback.
Channels¶
When alertsEnabled in settings:
- Toast — short notification with count and sample CVE ids.
- Banner — dismissible bar listing new critical/high items after watch or scan.
Alerts tab removed
The separate alerts history tab was removed from the Web UI. Notifications are toast + banner only.
Server notification channels¶
Browser toast and banner are client-only. For Slack, Discord, Telegram, SMTP email, or a generic webhook, configure server environment variables. When POST /api/watch returns non-empty newVulns, NotificationService in server/services/notifications/ dispatches configured channels asynchronously (non-blocking).
| Channel | Primary env vars |
|---|---|
| Slack | NOTIFICATION_SLACK_WEBHOOK_URL or legacy ALERT_WEBHOOK_URL |
| Discord | NOTIFICATION_DISCORD_WEBHOOK_URL |
| Telegram | NOTIFICATION_TELEGRAM_BOT_TOKEN, NOTIFICATION_TELEGRAM_CHAT_ID |
| Email (SMTP) | NOTIFICATION_SMTP_HOST, NOTIFICATION_SMTP_FROM, NOTIFICATION_SMTP_TO; optional NOTIFICATION_SMTP_PORT, NOTIFICATION_SMTP_USER, NOTIFICATION_SMTP_PASS |
| Generic webhook | NOTIFICATION_WEBHOOK_URL |
| Control | Env | Default |
|---|---|---|
| Minimum severity | NOTIFICATION_MIN_SEVERITY or legacy ALERT_MIN_SEVERITY |
HIGH |
| Dedup window (ms) | NOTIFICATION_DEDUP_MS |
900000 (15 min) |
| Slack payload | ALERT_WEBHOOK_FORMAT |
slack or generic |
Repeat notifications for the same CVE batch and channel are suppressed within the dedup window. Per-tenant notification UI is planned; today channels are ops-configured via env. See Configuration and Self-hosted operations.
Watch integration¶
useWatch compares server newVulns against client state. On hasNew: true, merge into vuln list, update localStorage last scan, and fire notifications if enabled.
Live watch indicator¶
SubNav shows live watch badge when watchEnabled. Top bar toggle controls polling without losing stack configuration.
Recommended practice¶
- Enable watch with 5-minute interval for production stacks.
- Keep alerts on during migration windows.
- Use the Vulnerabilities tab and filters to triage items surfaced by toast/banner notifications.
Next: Operations