Documentation

Everything you need to secure your vibe-coded projects

Features

Monitoring & Alerts

BoringSec automatically rescans your domains on a schedule and alerts you when security scores drop, new vulnerabilities appear, or SSL certificates are about to expire.

Monitoring Frequency

📧

Weekly

Pro

Your domains are rescanned every 7 days. Email alerts on score drops and new critical issues.

📊

Daily

Business

Rescanned every 24 hours. Plus Slack integration and webhook callbacks for automated workflows.

⚡

Every 30 min

Enterprise

Near real-time monitoring. Immediate alerts on any security regression. Custom alert rules.

Alert Types

📉

Score Drop

Triggered when a domain score drops by 10+ points between scans.

🚨

New Critical Issue

Immediately notified when a new CRITICAL severity vulnerability is detected.

⚠️

New High Issue

Notified when a new HIGH severity finding appears.

🔒

SSL Expiry

Warning sent 30 days before your SSL certificate expires.

✅

Domain Verified

Confirmation when domain ownership verification completes.

📈

Score Improved

Positive notification when your security score increases.

❌

Scan Failed

Alert if a scheduled scan fails (site down, timeout, etc.).

Notification Channels

Email

Available on all paid plans. Configure which alert types trigger emails.

Setup: Dashboard → Alerts → Settings

Slack

Business+ tier. Post scan results and alerts to a Slack channel automatically.

Setup: Dashboard → Alerts → Slack Integration

Webhooks

Business+ tier. Receive POST callbacks on scan events. Events: SCAN_COMPLETED, SCORE_CHANGED, ISSUE_NEW_CRITICAL, SSL_EXPIRING.

Setup: API → POST /api/v1/webhooks

Webhook Events

Webhooks deliver a JSON payload to your URL when events occur. Each delivery is signed with HMAC for verification.

POST /api/v1/webhooks
{
  "url": "https://your-app.com/webhook/boringsec",
  "events": ["SCAN_COMPLETED", "ISSUE_NEW_CRITICAL"],
  "secret": "auto-generated"
}

SCAN_COMPLETED

Fires after every scan finishes

SCORE_CHANGED

Score went up or down

ISSUE_NEW_CRITICAL

New critical vulnerability found

SSL_EXPIRING

Certificate expires within 30 days

Webhook deliveries are retried up to 3 times with exponential backoff. View delivery logs via GET /api/v1/webhooks/{id}/deliveries.

Setting Up Monitoring

Add a domain

Go to Domains and add the URL you want to monitor.

Verify ownership (optional)

Add a DNS TXT record or meta tag to verify. Verified domains get priority monitoring.

Configure alerts

Go to Alerts → Settings to choose which notifications you want.

Done — monitoring is automatic

Based on your plan (weekly/daily/30min), BoringSec rescans and alerts automatically.