Email Notifications
Vygl sends two kinds of email: transactional (org invites, password resets — these go automatically and aren’t configurable) and event notifications (scan results, finding alerts, CVE Watch — opt-in).
Setting up event notifications
Section titled “Setting up event notifications”- Open Settings → Integrations and click Add Email.
- Enter one or more recipient addresses (comma-separated).
- Pick events:
scan_completed,critical_finding,high_finding,cve_critical,cve_high,cve_batch_summary. - Apply filters (project, severity, scan type) if you want to scope.
- Pick an AI verdict filter — keep the default to email every critical/high alert immediately, or pick AI-verified TPs only / TPs and uncertain to wait for the LLM verdict and skip false positives. Requires AI verification to be enabled. See AI Verification → notification filter.
- Save. Email integrations don’t have a working Test button today — confirm by triggering a real scan or CVE Watch event.
What’s in a notification email
Section titled “What’s in a notification email”Branded HTML with the Vygl logo and a responsive layout. Each event type has its own template:
- Scan completion — summary table, severity breakdown, link to scan detail.
- Finding alert — finding title, file, rule, link to finding detail.
- CVE Watch — affected packages, OSV ID, severity, link to alert.
Notifications are HTML-only — there’s no plain-text alternative today.
Transactional emails
Section titled “Transactional emails”These send automatically — no configuration needed:
- Member invites — sent when an admin invites a user. The link expires in 7 days.
- Password reset — sent when a user clicks Forgot Password. The link expires in 15 minutes.
Transactional emails carry one-time tokens that hash on the server; the raw token never goes to the database.