Slack Token

Description

Slack API tokens can be created for both members and bot users. For added security, it is recommended to rotate these tokens periodically. Slack will automatically revoke old tokens if they remain unused for long periods of time.

Remediation

Slack

1. Revoke the exposed secret. Use the auth.revoke method (http://api.slack.com/methods/auth.revoke/test) to revoke your token.
   Method URL: https://slack.com/api/auth.revoke
   Preferred HTTP method: GET
   Accepted content types: application/x-www-form-urlencoded

2. Clean the git history. Go under the settings section of your GitHub project and choose the change visibility button at the bottom.

3. Inspect Slack's Events API log to ensure the key was not used during the compromised period.
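
The revocation step above, as an added example that is not part of this rule page or of Checkov: it finds Slack-token-shaped strings in a constructed config snippet and calls auth.revoke for each one with the token in the Authorization header. The token pattern is an assumption, not the rule's own pattern, and the `opener` parameter exists only so the HTTP call can be exercised offline.

```python
import json
import re
import urllib.request

# Method URL from the page; "?test=1" is Slack's documented dry-run switch for auth.revoke.
REVOKE_URL = "https://slack.com/api/auth.revoke"

# Assumed token shape, not the rule's own pattern: "xox" plus a type letter,
# then dash-separated alphanumeric segments.
SLACK_TOKEN_RE = re.compile(r"\bxox[abopsre]-[A-Za-z0-9-]{10,}\b")

# Constructed sample input; these are not real secrets.
SAMPLE_CONFIG = """\
SLACK_BOT_TOKEN="xoxb-1234567890-AbCdEfGhIjKlMn"
SLACK_USER_TOKEN="xoxp-1234567890-ZyXwVuTsRqPoNm"
BACKUP_TOKEN="xoxb-1234567890-AbCdEfGhIjKlMn"
DB_PASSWORD="not-a-slack-token"
"""

def find_slack_tokens(text):
    """Distinct token-like strings in text, in order of first appearance."""
    found = []
    for match in SLACK_TOKEN_RE.finditer(text):
        if match.group(0) not in found:
            found.append(match.group(0))
    return found

def mask(token):
    """Keep only the type prefix and last four characters for log output."""
    return token[:5] + "..." + token[-4:]

def revoke_token(token, dry_run=False, opener=urllib.request.urlopen):
    """GET auth.revoke for one token; returns {"revoked": bool, "error": str or None}.
    The token travels in the Authorization header, not the query string, so it
    stays out of proxy and access logs. `opener` is injectable for offline tests."""
    url = REVOKE_URL + ("?test=1" if dry_run else "")
    req = urllib.request.Request(url, method="GET", headers={
        "Authorization": "Bearer " + token,
        "Content-Type": "application/x-www-form-urlencoded",
    })
    with opener(req) as resp:
        body = json.loads(resp.read().decode("utf-8"))
    return {"revoked": bool(body.get("ok") and body.get("revoked")),
            "error": body.get("error")}

def revoke_all(text, dry_run=False, opener=urllib.request.urlopen):
    """Scan text and revoke each distinct token once; results keyed by masked token."""
    return {mask(t): revoke_token(t, dry_run, opener) for t in find_slack_tokens(text)}
```

Run with `dry_run=True` first: Slack answers as it would for a real revocation without invalidating the token, which confirms the call shape before the live run.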

Rule Details

Field        Value
ID           IAC-1312
Severity     MEDIUM
IaC Type     secrets
Frameworks   Git
Checkov ID   CKV_SECRET_14
