Skip to content

Email Notifications

Vygl sends two kinds of email: transactional (org invites, password resets — these go automatically and aren’t configurable) and event notifications (scan results, finding alerts, CVE Watch — opt-in).

  1. Open Settings → Integrations and click Add Email.
  2. Enter one or more recipient addresses (comma-separated).
  3. Pick events: scan_completed, critical_finding, high_finding, cve_critical, cve_high, cve_batch_summary.
  4. Apply filters (project, severity, scan type) if you want to scope.
  5. Pick an AI verdict filter — keep the default to email every critical/high alert immediately, or pick AI-verified TPs only / TPs and uncertain to wait for the LLM verdict and skip false positives. Requires AI verification to be enabled. See AI Verification → notification filter.
  6. Save. Email integrations don’t have a working Test button today — confirm by triggering a real scan or CVE Watch event.

Branded HTML with the Vygl logo and a responsive layout. Each event type has its own template:

  • Scan completion — summary table, severity breakdown, link to scan detail.
  • Finding alert — finding title, file, rule, link to finding detail.
  • CVE Watch — affected packages, OSV ID, severity, link to alert.

Notifications are HTML-only — there’s no plain-text alternative today.

These send automatically — no configuration needed:

  • Member invites — sent when an admin invites a user. The link expires in 7 days.
  • Password reset — sent when a user clicks Forgot Password. The link expires in 15 minutes.

Transactional emails carry one-time tokens that hash on the server; the raw token never goes to the database.