Skip to content

Documentation

Everything you need to secure your AI-built projects

Monitoring & Alerts

Features

Monitoring & Alerts

BoringSec automatically rescans your domains on a schedule and alerts you when security scores drop, new vulnerabilities appear, or SSL certificates are about to expire.

Monitoring frequency

Weekly

Pro Your domains are rescanned every 7 days. Email alerts on score drops and new critical issues.

Daily

Business Rescanned every 24 hours. Plus Slack integration and webhook callbacks for automated workflows.

Every 30 min

Enterprise Near real-time monitoring. Immediate alerts on any security regression. Custom alert rules.

Alert types

Score Drop

Triggered when a domain score drops by 10+ points between scans.

New Critical Issue

Immediately notified when a new CRITICAL severity vulnerability is detected.

New High Issue

Notified when a new HIGH severity finding appears.

SSL Expiry

Warning sent 30 days before your SSL certificate expires.

Domain Verified

Confirmation when domain ownership verification completes.

Score Improved

Positive notification when your security score increases.

Scan Failed

Alert if a scheduled scan fails (site down, timeout, etc.).

Notification channels

Email

All paid plans Configure which alert types trigger emails. Setup: Dashboard → Alerts → Settings.

Slack

Care or Team+ Post scan results and alerts to a Slack channel automatically. Pro does not include this channel. Setup: Dashboard → Alerts → Slack Integration.

Webhooks

Care or Team+ Receive POST callbacks on scan events: SCAN_COMPLETED, SCORE_CHANGED, ISSUE_NEW_CRITICAL, SSL_EXPIRING. Pro does not include webhooks. Setup: API → POST /api/v1/webhooks.

Webhook events

Webhooks deliver a JSON payload to your URL when events occur. Each delivery is signed with HMAC for verification.

http
POST /api/v1/webhooks
{
  "url": "https://your-app.com/webhook/boringsec",
  "events": ["SCAN_COMPLETED", "ISSUE_NEW_CRITICAL"],
  "secret": "auto-generated"
}
SCAN_COMPLETED

Base report is ready; eligible verified-owner engines may still be running

SCORE_CHANGED

Score went up or down

ISSUE_NEW_CRITICAL

New critical vulnerability found

SSL_EXPIRING

Certificate expires within 30 days

Webhook deliveries are retried up to 3 times with exponential backoff. View delivery logs via GET /api/v1/webhooks/{id}/deliveries.
Base report and deep scanner states
A SCAN_COMPLETED payload means the base report is ready and has baseReportReady: true plus a durable data.links.status URL. Public and anonymous scans run base modules only. Nuclei, ZAP, and Medusa require a signed-in, non-anonymous scan of a domain owned by that user or team and marked VERIFIED. A requested engine without that authorization is authorization_required; a module not requested is not_requested. Eligible engines run independently in the background, so the base report stays available while they are queued, running, or retrying, and their results update the report when ready. A module failure does not retract the base report. Unknown is nonterminal. A second SCAN_COMPLETED callback is not promised for engine completion; poll the status link while deepScan.active=true.

Setting up monitoring

  1. 1

    Add a domain

    Go to Domains and add the URL you want to monitor.

  2. 2

    Verify ownership for background engines

    Monitoring can publish applicable base results before verification. Nuclei, ZAP, and Medusa run only for a signed-in account on a domain it owns and has verified with a DNS TXT record or meta tag.

  3. 3

    Configure alerts

    Go to Alerts → Settings to choose which notifications you want.

  4. 4

    Done — monitoring is automatic

    Based on your plan (weekly/daily/30min), BoringSec rescans and alerts automatically.