An intelligent Slack bot for the OWASP community
BLT-Lettuce is an intelligent Slack bot designed for the OWASP Slack workspace. It welcomes new members, helps them discover projects, and connects the global security community.
Note: This Slack bot functionality has been incorporated into the main BLT repository and is being transferred back to this repo for better organization.
- Welcome New Members - Automatically sends personalized welcome messages to newcomers
- Project Discovery - Interactive conversations help users find relevant OWASP projects
- GitHub Integration - Scans configured organizations and caches project metadata
- Conversational Flow - Asks multiple-choice questions to understand user needs
- Edge-Powered - Runs on Cloudflare Workers for global, low-latency performance
┌─────────────────────────────────────────────────────────────────┐
│                      OWASP Slack Workspace                      │
└────────────────────────────────┬────────────────────────────────┘
                                 │
                                 ▼
┌─────────────────────────────────────────────────────────────────┐
│                   Cloudflare Worker (Python)                    │
│  ┌──────────────┐  ┌──────────────┐  ┌──────────────────────┐   │
│  │   Webhook    │  │    Stats     │  │  Project Discovery   │   │
│  │   Handler    │  │   Tracking   │  │      Flowchart       │   │
│  └──────────────┘  └──────────────┘  └──────────────────────┘   │
└────────────────────────────────┬────────────────────────────────┘
                                 │
         ┌───────────────────────┼───────────────────────┐
         ▼                       ▼                       ▼
┌─────────────────┐     ┌─────────────────┐     ┌─────────────────┐
│   Cloudflare    │     │   GitHub API    │     │  GitHub Pages   │
│   KV Storage    │     │ (Org scanning)  │     │   (Dashboard)   │
└─────────────────┘     └─────────────────┘     └─────────────────┘
The bot uses a conversational flowchart to help users find OWASP projects:
┌─────────────────────────────────────┐
│         User Initiates Chat         │
└──────────────────┬──────────────────┘
                   ▼
┌─────────────────────────────────────┐
│  "What type of project interests    │
│  you?" (Multiple Choice)            │
│  • Documentation/Standards          │
│  • Security Tools                   │
│  • Deliberately Insecure Apps       │
│  • Research/Education               │
└──────────────────┬──────────────────┘
                   ▼
┌─────────────────────────────────────┐
│  "What technology stack?"           │
│  • Python  • Java  • JavaScript     │
│  • Go      • .NET  • Any            │
└──────────────────┬──────────────────┘
                   ▼
┌─────────────────────────────────────┐
│  Query cached project metadata      │
│  from configured GitHub orgs        │
└──────────────────┬──────────────────┘
                   ▼
┌─────────────────────────────────────┐
│  Return matching project links      │
│  with descriptions and stats        │
└──────────────────┬──────────────────┘
                   ▼
┌─────────────────────────────────────┐
│  No matches? Offer to:              │
│  • Start over with different params │
│  • Learn how to start a new project │
└─────────────────────────────────────┘
View real-time statistics at our Stats Dashboard:
- Members welcomed
- Commands executed
- GitHub project health metrics
- Global availability status
The bot is powered by a Python Cloudflare Worker that:
- Handles Slack webhook events
- Sends personalized welcome messages
- Tracks statistics in KV storage
- Provides a stats API for the dashboard
- Caches project metadata (expires every 24-48 hours)
See cloudflare-worker/README.md for setup instructions.
| Endpoint | Method | Description |
|---|---|---|
| /webhook | POST | Slack webhook for events |
| /stats | GET | Returns statistics JSON |
| /health | GET | Health check endpoint |
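
The `/webhook` endpoint accepts POSTs from the public internet, so the Signing Secret listed in the prerequisites is what lets the worker tell Slack's requests from anyone else's. The following is an added example, not code from the BLT-Lettuce repository, of Slack's v0 request-signature check with a replay window; the function names, the lowercase header mapping and the sample values are assumptions.

```python
import hashlib
import hmac
import time

MAX_SKEW_SECONDS = 300  # reject requests whose timestamp is more than 5 minutes off


def slack_signature(signing_secret: str, timestamp: str, body: bytes) -> str:
    """Compute the value Slack places in X-Slack-Signature (scheme v0)."""
    base = b"v0:" + timestamp.encode("ascii") + b":" + body
    mac = hmac.new(signing_secret.encode("utf-8"), base, hashlib.sha256)
    return "v0=" + mac.hexdigest()


def verify_slack_request(signing_secret: str, headers: dict, body: bytes, now=None) -> bool:
    """Return True only for a fresh request signed with our signing secret.

    `body` must be the raw request bytes, read before any JSON or form parsing.
    `headers` is assumed to be a mapping with lowercase keys.
    """
    timestamp = headers.get("x-slack-request-timestamp", "")
    signature = headers.get("x-slack-signature", "")
    # Missing or non-numeric values fail closed instead of raising.
    if not (timestamp.isascii() and timestamp.isdigit()) or not signature:
        return False
    now = time.time() if now is None else now
    # The timestamp is covered by the MAC, so this bounds replay of a captured request.
    if abs(now - int(timestamp)) > MAX_SKEW_SECONDS:
        return False
    expected = slack_signature(signing_secret, timestamp, body)
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII header input.
    return hmac.compare_digest(expected.encode(), signature.encode())


def demo():
    # Constructed sample values, not real credentials or real Slack traffic.
    secret = "constructed-signing-secret"
    body = b'{"type":"event_callback","event":{"type":"team_join"}}'
    ts = "1700000000"
    headers = {"x-slack-request-timestamp": ts,
               "x-slack-signature": slack_signature(secret, ts, body)}
    return {
        "valid": verify_slack_request(secret, headers, body, now=1700000010),
        "tampered_body": verify_slack_request(secret, headers, body + b" ", now=1700000010),
        "replayed_later": verify_slack_request(secret, headers, body, now=1700000000 + 3600),
    }


if __name__ == "__main__":
    print(demo())
```

A handler would run this check first and answer 401 without touching KV or the Slack API when it returns False.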
- Python 3.10+
- Poetry for dependency management
- Wrangler CLI for Cloudflare Workers
- Slack Bot Token and Signing Secret
- Clone the repository
git clone https://github.com/OWASP-BLT/BLT-Lettuce.git
cd BLT-Lettuce
- Install dependencies
poetry install
- Set up environment variables
cp .env.sample .env
# Edit .env with your Slack credentials
- Run locally
poetry run python app.py
cd cloudflare-worker
wrangler login
wrangler kv:namespace create "STATS_KV"
# Update wrangler.toml with the namespace ID
wrangler secret put SLACK_TOKEN
wrangler secret put SIGNING_SECRET
wrangler deploy
BLT-Lettuce/
├── app.py                  # Main Flask application
├── cloudflare-worker/      # Cloudflare Worker code
│   ├── worker.py           # Python worker implementation
│   ├── wrangler.toml       # Worker configuration
│   └── README.md           # Worker documentation
├── data/
│   ├── projects.json       # OWASP project metadata cache
│   └── repos.json          # Repository categorization
├── docs/
│   └── index.html          # GitHub Pages dashboard
├── src/lettuce/            # Bot plugins and modules
├── tests/                  # Test suite
├── pyproject.toml          # Poetry configuration
└── README.md               # This file
We welcome contributions from everyone! Here's how to get started:
- Fork the Repository - Click "Fork" at the top right of this page
- Clone Your Fork
git clone https://github.com/YOUR-USERNAME/BLT-Lettuce.git
- Create a Branch
git checkout -b feature/your-feature-name
- Make Changes - Follow our coding standards (enforced by pre-commit hooks)
- Test Your Changes
poetry run pytest
- Commit with Conventional Commits
git commit -m "feat: add new feature"
- Push and Open a PR
git push origin feature/your-feature-name
Watch our contribution walkthrough video for a step-by-step guide.
poetry run pytest
poetry run ruff check --fix .
poetry run ruff format .
pip install pre-commit
pre-commit install
This project is licensed under the AGPL-3.0 License - see the LICENSE file for details.
- OWASP Foundation for supporting open-source security
- All our amazing contributors
- The OWASP Slack community for feedback and ideas
Made by the OWASP BLT Team