An intelligent Slack bot for the OWASP community
BLT-Lettuce is an intelligent Slack bot designed for the OWASP Slack workspace. It welcomes new members, helps them discover projects, and connects the global security community.
Note: This Slack bot functionality has been incorporated into the main BLT repository and is being transferred back to this repo for better organization.
- 👋 Welcome New Members - Automatically sends personalized welcome messages to newcomers
- 🔍 Project Discovery - Interactive conversations help users find relevant OWASP projects
- 📊 GitHub Integration - Scans configured organizations and caches project metadata
- 🤖 Conversational Flow - Asks multiple-choice questions to understand user needs
- ⚡ Edge-Powered - Runs on Cloudflare Workers for global, low-latency performance
```
┌─────────────────────────────────────────────────────────────────┐
│                      OWASP Slack Workspace                      │
└────────────────────────────────┬────────────────────────────────┘
                                 │
                                 ▼
┌─────────────────────────────────────────────────────────────────┐
│                   Cloudflare Worker (Python)                    │
│  ┌──────────────┐  ┌──────────────┐  ┌──────────────────────┐   │
│  │   Webhook    │  │    Stats     │  │  Project Discovery   │   │
│  │   Handler    │  │   Tracking   │  │      Flowchart       │   │
│  └──────────────┘  └──────────────┘  └──────────────────────┘   │
└────────────────────────────────┬────────────────────────────────┘
                                 │
         ┌───────────────────────┼───────────────────────┐
         ▼                       ▼                       ▼
┌─────────────────┐     ┌─────────────────┐     ┌─────────────────┐
│   Cloudflare    │     │   GitHub API    │     │  GitHub Pages   │
│   KV Storage    │     │ (Org scanning)  │     │   (Dashboard)   │
└─────────────────┘     └─────────────────┘     └─────────────────┘
```
The bot uses a conversational flowchart to help users find OWASP projects:
```
┌─────────────────────────────────────┐
│         User Initiates Chat         │
└─────────────────┬───────────────────┘
                  ▼
┌─────────────────────────────────────┐
│  "What type of project interests    │
│  you?" (Multiple Choice)            │
│  • Documentation/Standards          │
│  • Security Tools                   │
│  • Deliberately Insecure Apps       │
│  • Research/Education               │
└─────────────────┬───────────────────┘
                  ▼
┌─────────────────────────────────────┐
│  "What technology stack?"           │
│  • Python • Java • JavaScript       │
│  • Go • .NET • Any                  │
└─────────────────┬───────────────────┘
                  ▼
┌─────────────────────────────────────┐
│  Query cached project metadata      │
│  from configured GitHub orgs        │
└─────────────────┬───────────────────┘
                  ▼
┌─────────────────────────────────────┐
│  Return matching project links      │
│  with descriptions and stats        │
└─────────────────┬───────────────────┘
                  ▼
┌─────────────────────────────────────┐
│  No matches? Offer to:              │
│  • Start over with different params │
│  • Learn how to start a new project │
└─────────────────────────────────────┘
```
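The query-and-fallback step of the flowchart, written out as an added example (this is not code from the BLT-Lettuce repository). It assumes a small in-memory cache of project records with the category and language labels the flowchart uses; the `Project` type, the `find_projects` and `build_reply` names, and every entry in `SAMPLE_CACHE` are constructed for illustration and are not the real `data/projects.json` contents.

```python
from dataclasses import dataclass

# Hypothetical shape of one cached project record (not the project's real schema).
@dataclass(frozen=True)
class Project:
    name: str
    url: str
    category: str            # one of the flowchart's project types
    languages: frozenset     # tech stacks the project is written in
    stars: int               # GitHub stargazers, used for ranking

# Constructed sample cache for the example; none of these are real OWASP repos.
SAMPLE_CACHE = [
    Project("example-scanner", "https://github.com/example-org/example-scanner",
            "Security Tools", frozenset({"Python"}), 120),
    Project("example-proxy", "https://github.com/example-org/example-proxy",
            "Security Tools", frozenset({"Java"}), 340),
    Project("example-insecure-app", "https://github.com/example-org/example-insecure-app",
            "Deliberately Insecure Apps", frozenset({"JavaScript"}), 80),
    Project("example-guide", "https://github.com/example-org/example-guide",
            "Documentation/Standards", frozenset(), 500),
]

def find_projects(cache, category: str, stack: str) -> list:
    """Filter cached projects by category and stack; "Any" matches every stack.
    Results are ranked by stars so the most active projects come first."""
    matches = [
        p for p in cache
        if p.category == category and (stack == "Any" or stack in p.languages)
    ]
    return sorted(matches, key=lambda p: p.stars, reverse=True)

def build_reply(cache, category: str, stack: str) -> dict:
    """Build the bot's reply: matching links with stats, or the no-match options."""
    matches = find_projects(cache, category, stack)
    if not matches:
        # No hits: offer the two fallbacks shown at the bottom of the flowchart.
        return {
            "matches": [],
            "options": ["start_over", "how_to_start_a_new_project"],
        }
    return {
        "matches": [{"name": p.name, "url": p.url, "stars": p.stars} for p in matches],
        "options": [],
    }

if __name__ == "__main__":
    print(build_reply(SAMPLE_CACHE, "Security Tools", "Any"))
    print(build_reply(SAMPLE_CACHE, "Research/Education", "Go"))
```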
View real-time statistics at our Stats Dashboard:
- 👋 Members welcomed
- ⚡ Commands executed
- 🐙 GitHub project health metrics
- 🌍 Global availability status
The bot is powered by a Python Cloudflare Worker that:
- Handles Slack webhook events
- Sends personalized welcome messages
- Tracks statistics in KV storage
- Provides a stats API for the dashboard
- Caches project metadata (expires every 24-48 hours)
See cloudflare-worker/README.md for setup instructions.
| Endpoint | Method | Description |
|---|---|---|
| /webhook | POST | Slack webhook for events |
| /stats | GET | Returns statistics JSON |
| /health | GET | Health check endpoint |
- Python 3.10+
- Poetry for dependency management
- Wrangler CLI for Cloudflare Workers
- Slack Bot Token and Signing Secret
- Clone the repository
  ```bash
  git clone https://github.com/OWASP-BLT/BLT-Lettuce.git
  cd BLT-Lettuce
  ```
- Install dependencies
  ```bash
  poetry install
  ```
- Set up environment variables
  ```bash
  cp .env.sample .env
  # Edit .env with your Slack credentials
  ```
- Run locally
  ```bash
  poetry run python app.py
  ```
```bash
cd cloudflare-worker
wrangler login
wrangler kv:namespace create "STATS_KV"
# Update wrangler.toml with the namespace ID
wrangler secret put SLACK_TOKEN
wrangler secret put SIGNING_SECRET
wrangler deploy
```

```
BLT-Lettuce/
├── app.py                  # Main Flask application
├── cloudflare-worker/      # Cloudflare Worker code
│   ├── worker.py           # Python worker implementation
│   ├── wrangler.toml       # Worker configuration
│   └── README.md           # Worker documentation
├── data/
│   ├── projects.json       # OWASP project metadata cache
│   └── repos.json          # Repository categorization
├── docs/
│   └── index.html          # GitHub Pages dashboard
├── src/lettuce/            # Bot plugins and modules
├── tests/                  # Test suite
├── pyproject.toml          # Poetry configuration
└── README.md               # This file
```
We welcome contributions from everyone! Here's how to get started:

- Fork the Repository - Click "Fork" at the top right of this page
- Clone Your Fork
  ```bash
  git clone https://github.com/YOUR-USERNAME/BLT-Lettuce.git
  ```
- Create a Branch
  ```bash
  git checkout -b feature/your-feature-name
  ```
- Make Changes - Follow our coding standards (enforced by pre-commit hooks)
- Test Your Changes
  ```bash
  poetry run pytest
  ```
- Commit with Conventional Commits
  ```bash
  git commit -m "feat: add new feature"
  ```
- Push and Open a PR
  ```bash
  git push origin feature/your-feature-name
  ```

Watch our contribution walkthrough video for a step-by-step guide.

Run the test suite:
```bash
poetry run pytest
```

Lint and format the code:
```bash
poetry run ruff check --fix .
poetry run ruff format .
```

Install the pre-commit hooks:
```bash
pip install pre-commit
pre-commit install
```

This project is licensed under the AGPL-3.0 License - see the LICENSE file for details.
- OWASP Foundation for supporting open-source security
- All our amazing contributors
- The OWASP Slack community for feedback and ideas
Made with 💚 by the OWASP BLT Team