Assess Slack Security with cnspec

Secure and enforce policy for your Slack workspaces

Rely on cnspec to ensure your Slack workspaces follow security best practices, such as enforcing two-factor authentication for all users, verifying that channels have a defined purpose, and auditing user roles and permissions across your workspace.

Before you begin

Before you start, install cnspec.

Give cnspec access to your Slack workspace

Access to the Slack API requires an access token. We recommend using a user token. A user token carries the permissions of the user who installs the app, so create it as a workspace administrator and handle it as a secret: anyone holding the token can read everything the scopes below allow.

  1. As a workspace administrator, create an app at https://api.slack.com/apps: Select Create an App and then select From Scratch.

  2. Specify an app name (we recommend Mondoo) and select the appropriate workspace.

  3. Select Create App.

  4. In the left-side navigation, select OAuth & Permissions.

  5. Scroll to Scopes. Under User Token Scopes, add these scopes:

    • admin (required to read access logs; for details, read Slack's documentation on the admin scope)
    • channels:read
    • groups:read
    • im:read
    • mpim:read
    • team:read
    • usergroups:read
    • users:read
  6. Scroll to OAuth Tokens for Your Workspace and select Install to Workspace. Copy the User OAuth Token that Slack provides (it begins with xoxp-) and store it in a secret manager rather than in a shell history or a shared script.

To test access, open a cnspec shell and verify the connection:

cnspec shell slack --token YOUR_TOKEN
cnspec> slack.team
slack.team: {
  domain: "your-workspace"
  id: "T030KKBABCDE"
}

You can also set the SLACK_TOKEN environment variable to omit the --token flag:

export SLACK_TOKEN=YOUR_TOKEN
cnspec shell slack

Scan your Slack workspace

To scan your Slack workspace:

cnspec scan slack --token YOUR_TOKEN

Understand scan output

When a scan completes, cnspec prints a summary of all the checks it ran, grouped by policy. Each check shows a pass or fail result. For example:

✓ Pass:  Ensure all users have two-factor authentication enabled
✕ Fail:  Ensure all channels have a set purpose
✓ Pass:  Ensure no deactivated users remain in the workspace

At the end of the output, cnspec shows an overall score from 0 to 100, where higher is better, together with a letter grade from A to F. Failed checks include remediation guidance to help you fix issues.

By default, cnspec applies the Mondoo Slack Security policy, which covers two-factor authentication, channel configuration, user roles, and more. You can also create your own policies or specify a particular policy bundle with --policy-bundle.

Example checks

Run cnspec shell slack --token YOUR_TOKEN to open the cnspec interactive shell. From there you can make checks like the examples below.

Ensure all users have 2FA enabled

cnspec> slack.users { has2FA == true }

To include the user's name in the output when 2FA is not enabled:

cnspec> slack.users {
  if ( has2FA != true ) {
    has2FA == true
    realName
  }
}

Ensure all channels have a set purpose

cnspec> slack.conversations.where( isChannel == true ) {
  name
  purpose['value'] != ""
}

List all workspace admins and owners

cnspec> slack.users.admins { name realName isOwner }

Ensure no deactivated users remain in the workspace

cnspec> slack.users.members.where( deleted == true ) { name realName }

Check for externally shared channels

cnspec> slack.conversations.list.where( isExtShared == true ) { name isOrgShared }
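The shell queries above are one-off listings. To make them enforceable, and to follow up on the note above about creating your own policies, here is an added example (not Mondoo's own Slack policy bundle) that packages them as checks in a cnspec policy bundle that `--policy-bundle` can load. Each assertion uses `.all()` or `.none()` so that a single offending user or channel fails the check; the deactivated-user listing becomes a `.none(deleted == true)` check, and the admin listing stays an unscored data query. The file name `slack-hygiene.mql.yaml`, the `example-slack-*` UIDs, the admin-count threshold of 5, the `isBot` field on `slack.user`, and the `asset.platform == "slack"` group filter are assumptions for illustration; verify the last two against the provider's schema in `cnspec shell` before relying on them.

```yaml
# slack-hygiene.mql.yaml (assumed file name)
# Added example: the shell queries from this page packaged as checks in a
# cnspec policy bundle. This is not Mondoo's own Slack policy.
policies:
  - uid: example-slack-hygiene
    name: Example Slack workspace hygiene
    version: 1.0.0
    authors:
      - name: Security engineering (assumed)
    groups:
      - title: Users and roles
        # Assumption: the cnspec Slack provider reports the platform name "slack".
        filters: asset.platform == "slack"
        checks:
          - uid: example-slack-users-2fa
          - uid: example-slack-limit-admins
          - uid: example-slack-no-deactivated-users
        # Data query: collected and reported, but not scored
        queries:
          - uid: example-slack-list-admins
      - title: Channels
        filters: asset.platform == "slack"
        checks:
          - uid: example-slack-channels-have-purpose
          - uid: example-slack-no-externally-shared-channels

queries:
  - uid: example-slack-users-2fa
    title: Ensure all active human users have two-factor authentication enabled
    impact: 80
    # Assumption: isBot is a field of slack.user. Deactivated accounts and bots
    # are excluded so they do not trip the check for real members.
    mql: |
      slack.users.members.where(deleted == false && isBot == false).all(has2FA == true)
    docs:
      desc: A member without 2FA can be taken over with a single leaked password.
      remediation: Require two-factor authentication in the workspace authentication settings so every member must enroll.

  - uid: example-slack-limit-admins
    title: Ensure the number of workspace admins stays small
    impact: 60
    # Assumed threshold: adjust to your workspace's size and role model.
    mql: |
      slack.users.admins.length <= 5
    docs:
      desc: Every admin account is a full-workspace compromise path; keep the set minimal.
      remediation: Downgrade members who do not need admin rights to regular members.

  - uid: example-slack-no-deactivated-users
    title: Ensure no deactivated users remain in the workspace
    impact: 30
    # Assertion form of the shell listing in the Example checks section.
    mql: |
      slack.users.members.none(deleted == true)
    docs:
      desc: Deactivated accounts still appear in the directory and may be mistaken for active members.
      remediation: Review deactivated accounts with the workspace owner and clean up the directory.

  - uid: example-slack-list-admins
    title: Workspace admins and owners
    mql: |
      slack.users.admins { name realName isOwner }

  - uid: example-slack-channels-have-purpose
    title: Ensure all channels have a set purpose
    impact: 20
    mql: |
      slack.conversations.where(isChannel == true).all(purpose['value'] != "")
    docs:
      desc: A stated purpose tells members what may and may not be shared in a channel.
      remediation: Set a purpose for every channel from the channel details pane.

  - uid: example-slack-no-externally-shared-channels
    title: Ensure no channels are shared with external organizations
    impact: 70
    mql: |
      slack.conversations.list.none(isExtShared == true)
    docs:
      desc: Externally shared channels expose messages and files to members of another organization.
      remediation: Disconnect external organizations from channels that should be internal only, or add an approved exception to this policy.
```

Lint the bundle with `cnspec bundle lint slack-hygiene.mql.yaml`, then run it against the workspace with `cnspec scan slack --token "$SLACK_TOKEN" --policy-bundle slack-hygiene.mql.yaml`. If a check errors rather than failing, open `cnspec shell slack` and query the field it uses; an unknown field name means the schema assumption above does not hold for your provider version.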

Continuously scan your fleet

To move beyond one-off scans, set up a Slack integration in Mondoo Platform. You get continuous monitoring across your Slack workspaces, a dashboard to track security posture over time, and integration with ticketing systems to manage remediation.
