Available integrations

Slack

Receive engagement notifications, task updates, and recon alerts directly in your Slack channels.

GitHub

PR-based threat modeling, repository scanning, and webhook-driven security automation.

AWS

Discover resources, identify security misconfigurations, and import infrastructure into architecture models.

Semgrep

Pull SAST findings, secrets detection results, and supply chain issues from Semgrep.

Checkmarx One

Import SAST findings from Checkmarx One into Pwnbook engagements.

Snyk

Import open source, container, IaC, and code vulnerability findings from Snyk.

Aikido Security

Continuous scanning for code vulnerabilities, secrets, dependencies, and cloud misconfigurations.

Arnica

Code security posture management: hardcoded secrets, risky code changes, and supply chain threats.

Leen

Sync asset inventory from Leen into engagement target lists.

Google Calendar

Sync task due dates and milestones to Google Calendar.

Plane

Sync Pwnbook tasks with Plane.so issues.

Bitwarden Secrets Manager

Store credentials in Bitwarden and reference them in Pwnbook with .

The marketplace

Integrations are managed through the Marketplace — a central place to browse, enable, and configure add-ons for your organization.

1. Open the marketplace
   Go to Organization Settings → Marketplace.

2. Find an integration
   Browse the list or search by name. Each card shows the integration name, category, and whether it’s currently enabled.

3. Enable and configure
   Click an integration to view its setup instructions, then click Enable or Configure to complete setup.

Enabled integrations can be toggled off at any time. Disabling an integration stops all data sync but does not delete previously imported data.

Integration permissions

Enabling integrations requires Admin or Owner access in your Pwnbook organization. Individual members cannot enable or disable integrations. When an integration uses OAuth (such as Slack or GitHub), the admin who enables it authorizes it on behalf of the organization. Other members can then use the integration’s features without separately authorizing.

Categories

| Category | Integrations |
| --- | --- |
| Alerts & notifications | Slack |
| Source code & SCM | GitHub, Semgrep, Checkmarx One, Snyk, Aikido, Arnica |
| Infrastructure | AWS, Leen |
| Project management | Plane |
| Productivity | Google Calendar |
| Secrets management | Bitwarden Secrets Manager |

Webhook security

Several integrations (for example, GitHub) communicate via inbound webhooks: HTTP POST requests sent to your Pwnbook instance when events occur in the external service. Pwnbook validates webhook payloads using the signatures each service provides. Never expose a webhook endpoint without signature validation, and treat webhook secrets like any other credential.
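
As an added illustration of the signature validation described above (this is not Pwnbook's own code): a receiver for GitHub-style deliveries, which carry an HMAC-SHA256 of the raw request body in the X-Hub-Signature-256 header. The function names, the secret, and the sample payload are constructed for the example.

```python
import hashlib
import hmac
import json

SIG_HEADER = "x-hub-signature-256"  # header GitHub sends with each delivery
SIG_PREFIX = "sha256="


def sign(secret: bytes, raw_body: bytes) -> str:
    """Header value the sender computes: HMAC-SHA256 over the exact body bytes."""
    return SIG_PREFIX + hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def verify_signature(secret: bytes, raw_body: bytes, header_value) -> bool:
    """True only when header_value is a valid signature for raw_body."""
    if not secret or not isinstance(header_value, str):
        return False  # fail closed: unset secret or missing header
    if not header_value.startswith(SIG_PREFIX):
        return False  # unexpected or legacy scheme
    expected = sign(secret, raw_body).encode()
    received = header_value.encode("utf-8", "replace")
    return hmac.compare_digest(expected, received)  # constant-time compare


def handle_webhook(headers: dict, raw_body: bytes, secret: bytes):
    """Hypothetical receiver: authenticate the bytes first, parse them second."""
    lowered = {k.lower(): v for k, v in headers.items()}
    if not verify_signature(secret, raw_body, lowered.get(SIG_HEADER)):
        return 401, "invalid signature"
    try:
        event = json.loads(raw_body)
    except ValueError:
        return 400, "malformed JSON"
    if not isinstance(event, dict):
        return 400, "malformed JSON"
    return 202, f"accepted action={event.get('action')}"


# Constructed sample data, not a real credential or a real delivery.
SECRET = b"constructed-example-secret"
BODY = b'{"action": "opened", "number": 7}'
GOOD = {"X-Hub-Signature-256": sign(SECRET, BODY)}

if __name__ == "__main__":
    print(handle_webhook(GOOD, BODY, SECRET))
    print(handle_webhook(GOOD, BODY.replace(b"7", b"8"), SECRET))
    print(handle_webhook({}, BODY, SECRET))
```

The check runs over the raw bytes as received; a body that has been parsed and re-serialized by middleware will no longer match the signature.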

Data handling

Data pulled from integrations is stored within your Pwnbook organization and is subject to the same access controls as other engagement data. Review each external service’s data processing practices — Pwnbook acts as a consumer of their data; their own retention and privacy policies apply to data they hold.