From the Findings panel, select findings and click Push to Jira. Or configure auto-push: all Critical/High findings create Jira tickets automatically when confirmed.
ServiceNow Integration
Settings → Integrations → ServiceNow:
Instance URL : https://your-instance.service-now.com
Username : phantomyerra_svc
Password : [encrypted on entry]
Table : sn_si_incident (Security Incidents) or incident
Features:
- Push findings as Security Incidents
- CMDB sync: discovered assets → CI records
- Bi-directional status sync (fix in ServiceNow → closes in PhantomYerra)
Slack Integration
Settings → Integrations → Slack:
Webhook URL : https://hooks.slack.com/services/...
Channel : #security-findings (or per-severity channels)
Notification triggers (configurable):
- Critical finding confirmed → immediate alert
- Scan started / completed
- Report generated and ready
- AI credits running low
- Daily digest of open findings
Message format:
🔴 CRITICAL Finding: SQL Injection in /api/users
Project: [project name] | CVSS: 9.8 | EPS: High
→ View in PhantomYerra: [deep link]
Microsoft Teams Integration
Settings → Integrations → Microsoft Teams:
Webhook URL : https://your-org.webhook.office.com/...
Channel : General / Security-Alerts
Same trigger configuration as Slack.
Adaptive Card format for rich finding notifications.
PagerDuty Integration
Settings → Integrations → PagerDuty:
Integration Key : [from PagerDuty service]
Escalation : Critical → immediate page
             High → page after 30 minutes if unacknowledged
Use case: On-call security engineer gets paged immediately when
a Critical finding is confirmed during automated scanning.
In your .gitlab-ci.yml:
phantom_sast:
  stage: test
  script:
    # Block scalar: the JSON body contains ": ", which a plain YAML scalar cannot hold
    - |
      curl -X POST http://phantomyerra:8731/api/v1/sast/scan \
        -d '{"path": ".", "fail_on": ["critical", "high"]}' \
        -H "Authorization: Bearer $PHANTOM_API_KEY"
  artifacts:
    reports:
      sast: gl-sast-report.json
Quality Gate Configuration
Settings → Integrations → CI/CD Quality Gate:
Fail build if:
- Any Critical finding
- High findings > [threshold: 0]
- New CVEs in SBOM > [threshold: 5]
- GPL license violations found
Pass conditions:
- Zero critical findings
- All high findings have accepted risk or remediation tickets
- SBOM contains no known-exploited CVEs (KEV check)
Splunk Integration
Settings → Integrations → Splunk:
HEC URL : https://splunk.your-org.com:8088/services/collector
HEC Token : [from Splunk HTTP Event Collector]
Index : security_findings
Source Type : phantomyerra:finding
All findings and scan events stream to Splunk in real-time.
Pre-built dashboards available in PhantomYerra Splunk App.
Common Issues
Your Jira project likely has required custom fields that PhantomYerra doesn't know about. Go to Settings → Integrations → Jira → Field Mapping → Advanced. Inspect the Jira field schema and map the required fields. Common required fields: "Sprint", "Fix Version", "Component". Set default values for fields that PhantomYerra can't auto-populate.
Test the webhook: Settings → Integrations → Slack → Test Connection. If the test fails, regenerate the webhook in Slack (Apps → Incoming Webhooks). Verify the bot is still a member of the target channel. Check that notification triggers are enabled in the trigger configuration: all triggers are OFF by default and must be explicitly enabled.
GitHub Advanced Security must be enabled for the repository (requires GitHub Enterprise or public repo). The SARIF file must be valid SARIF 2.1.0. Check the file: cat phantomyerra_results.sarif | jq .version (it should return "2.1.0"). Ensure the workflow has the security-events: write permission in the workflow YAML.
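The jq version check above, extended into a pre-upload sanity check, as an added example (not PhantomYerra code). It goes beyond the version field to the runs, tool.driver.name, message and level fields of SARIF 2.1.0, and is a structural check rather than full schema validation. The sample documents and the name example-scanner are constructed.

```python
import json
import sys

ALLOWED_LEVELS = {"none", "note", "warning", "error"}  # SARIF 2.1.0 result.level values

def check_sarif(doc):
    """Return a list of problems; an empty list means the basic checks passed."""
    if not isinstance(doc, dict):
        return ["top level is not a JSON object"]
    problems = []
    if doc.get("version") != "2.1.0":
        problems.append(f"version is {doc.get('version')!r}, expected '2.1.0'")
    runs = doc.get("runs")
    if not isinstance(runs, list):
        problems.append("runs is not an array")
        return problems
    for i, run in enumerate(runs):
        if not isinstance(run, dict):
            problems.append(f"runs[{i}] is not an object")
            continue
        driver = (run.get("tool") or {}).get("driver") or {}
        if not driver.get("name"):
            problems.append(f"runs[{i}].tool.driver.name is missing")
        for j, result in enumerate(run.get("results") or []):
            where = f"runs[{i}].results[{j}]"
            if "message" not in result:
                problems.append(f"{where}: message is missing")
            level = result.get("level", "warning")  # schema default when absent
            if level not in ALLOWED_LEVELS:
                problems.append(f"{where}: invalid level {level!r}")
    return problems

# Constructed samples, not real PhantomYerra output
GOOD = {"version": "2.1.0", "runs": [{
    "tool": {"driver": {"name": "example-scanner"}},
    "results": [{"ruleId": "EX001", "level": "error", "message": {"text": "sample"}}]}]}
BAD = {"version": "2.0.0", "runs": [{
    "tool": {"driver": {}},
    "results": [{"ruleId": "EX001", "level": "critical"}]}]}

if __name__ == "__main__":
    # With a path argument, check that file; without one, show the constructed bad sample
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            doc = json.load(fh)
    else:
        doc = BAD
    found = check_sarif(doc)
    for problem in found:
        print("SARIF problem:", problem)
    sys.exit(1 if found else 0)
```

Run it with the SARIF path as its argument in the step before the upload; a non-zero exit stops the job before GitHub rejects the file.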