> ## Documentation Index
> Fetch the complete documentation index at: https://docs.pwnbook.app/llms.txt
> Use this file to discover all available pages before exploring further.

# Integrations Overview

> Pwnbook connects with the security and development tools your team already uses. Enable integrations through the marketplace to pull external findings into engagements and push activity to your existing workflows.

## Available integrations

<CardGroup cols={2}>
  <Card title="Slack" icon="slack" href="/integrations/slack">
    Receive engagement notifications, task updates, and recon alerts directly in your Slack channels.
  </Card>

  <Card title="GitHub" icon="github" href="/integrations/github">
    PR-based threat modeling, repository scanning, and webhook-driven security automation.
  </Card>

  <Card title="AWS" icon="cloud" href="/integrations/aws">
    Discover resources, identify security misconfigurations, and import infrastructure into architecture models.
  </Card>

  <Card title="Semgrep" icon="code" href="/integrations/semgrep">
    Pull SAST findings, secrets detection results, and supply chain issues from Semgrep.
  </Card>

  <Card title="Checkmarx One" icon="shield-halved" href="/integrations/checkmarx">
    Import SAST findings from Checkmarx One into Pwnbook engagements.
  </Card>

  <Card title="Snyk" icon="bug" href="/integrations/snyk">
    Import open source, container, IaC, and code vulnerability findings from Snyk.
  </Card>

  <Card title="Aikido Security" icon="shield" href="/integrations/aikido">
    Continuous scanning for code vulnerabilities, secrets, dependencies, and cloud misconfigurations.
  </Card>

  <Card title="Arnica" icon="magnifying-glass-chart" href="/integrations/arnica">
    Code security posture management: hardcoded secrets, risky code changes, and supply chain threats.
  </Card>

  <Card title="Leen" icon="database" href="/integrations/leen">
    Sync asset inventory from Leen into engagement target lists.
  </Card>

  <Card title="Google Calendar" icon="calendar" href="/integrations/google-calendar">
    Sync task due dates and milestones to Google Calendar.
  </Card>

  <Card title="Plane" icon="list-check" href="/integrations/plane">
    Sync Pwnbook tasks with Plane.so issues.
  </Card>

  <Card title="Bitwarden Secrets Manager" icon="key" href="/integrations/bitwarden">
    Store credentials in Bitwarden and reference them in Pwnbook with <code>{"{{bw.secret_name}}"}</code>.
  </Card>
</CardGroup>

## The marketplace

Integrations are managed through the **Marketplace** — a central place to browse, enable, and configure add-ons for your organization.

<Steps>
  <Step title="Open the marketplace">
    Go to **Organization Settings → Marketplace**.
  </Step>

  <Step title="Find an integration">
    Browse the list or search by name. Each card shows the integration name, category, and whether it's currently enabled.
  </Step>

  <Step title="Enable and configure">
    Click an integration to view its setup instructions, then click **Enable** or **Configure** to complete setup.
  </Step>
</Steps>

Enabled integrations can be toggled off at any time. Disabling an integration stops all data sync but does not delete previously imported data.

## Integration permissions

Enabling integrations requires **Admin** or **Owner** access in your Pwnbook organization. Individual members cannot enable or disable integrations.

When an integration uses OAuth (such as Slack or GitHub), the admin who enables it authorizes it on behalf of the organization. Other members can then use the integration's features without separately authorizing.

## Categories

| Category                   | Integrations                                         |
| -------------------------- | ---------------------------------------------------- |
| **Alerts & notifications** | Slack                                                |
| **Source code & SCM**      | GitHub, Semgrep, Checkmarx One, Snyk, Aikido, Arnica |
| **Infrastructure**         | AWS, Leen                                            |
| **Project management**     | Plane                                                |
| **Productivity**           | Google Calendar                                      |
| **Secrets management**     | Bitwarden Secrets Manager                            |

## Webhook security

Several integrations (GitHub) communicate via inbound webhooks — HTTP POST requests sent to your Pwnbook instance when events occur in the external service.

Pwnbook validates webhook payloads using signatures provided by each service. Never expose webhook endpoints without signature validation, and treat webhook secrets like any other credential.

## Data handling

Data pulled from integrations is stored within your Pwnbook organization and is subject to the same access controls as other engagement data. Review each external service's data processing practices — Pwnbook acts as a consumer of their data; their own retention and privacy policies apply to data they hold.
