Settings & Integrations
The Settings area centralizes your account configuration, team management, integrations, and platform administration across nine modules.
Profile & Account
Update your name, email, and password from Settings → Profile. Your profile information appears in activity logs and team views.
Team Members
Invite colleagues from Settings → Team. Each member can be assigned one of the following roles:
| Role | Permissions |
|---|---|
| Admin | Full access — billing, team management, asset configuration, settings, all features |
| Member | View findings, manage assets, configure alerts, use Copilot |
| Viewer | Read-only access to findings, dashboards, and reports |
Admins can remove team members and reassign roles at any time.
Session Management
View and terminate active sessions for your account. Each session shows the device, IP address, browser, and last activity time. Immediately terminate any session you don't recognize.
Assets
Assets are the entities BleedWatch monitors. Configure them under Settings → Assets:
| Asset Type | Example | What It Scans |
|---|---|---|
| Domain | yourcompany.com | Subdomains, DNS, TLS, origin exposure, web supply chain |
| GitHub Organization | your-github-org | Repositories, secrets, dependencies |
| GitHub Repository | your-github-org/repo | Single repository deep scan |
| NPM Scope | @yourscope | Published packages, dependencies, secrets |
| NPM Package | your-package | Single package deep scan |
| Docker Organization | yourcompany | Docker Hub images, layer secrets |
| Docker Image | yourcompany/api | Single image deep scan |
| GitLab Group | your-gitlab-group | GitLab repositories |
| IP Range | 203.0.113.0/24 | Port scanning, service detection |
Each asset can be individually enabled/disabled and has a configurable scan frequency.
SIEM Integrations
Settings → SIEM — Connect BleedWatch to your Security Information and Event Management system.
Supported Platforms
| Platform | Protocol | Format |
|---|---|---|
| Splunk | Webhook (HEC) | JSON |
| Datadog | Webhook (Log API) | JSON |
| Elastic / Logstash | Syslog TCP | JSON or CEF |
| Sumo Logic | Webhook (HTTP Source) | JSON |
| QRadar | Syslog UDP/TCP | CEF |
| Custom Webhook | HTTP POST | JSON |
| Custom Syslog | UDP / TCP / TLS | CEF or JSON |
Creating an Integration
- Click Add Integration and select a template (or start from scratch)
- Configure the destination URL or host:port
- Select format: JSON (structured) or CEF (Common Event Format)
- Optional: filter by severity (only forward critical/high) or event type (only new findings)
- Click Test Connection to verify
- Save
Webhook Signing
Each webhook integration generates an HMAC-SHA256 signing secret. Use this to verify that incoming requests are genuinely from BleedWatch. The secret is shown once at creation — copy it immediately.
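A receiver-side verification sketch for the signing secret described above. This is an added example, not BleedWatch's own code: the page does not state the header name or signature encoding, so the hex encoding and optional `sha256=` prefix here are assumptions, and the secret and payload are constructed samples.

```python
import hashlib
import hmac
import json

# Assumption: the signature arrives hex-encoded in a request header, optionally
# prefixed with "sha256=". Check the integration's settings for the real header
# name and encoding; the page does not specify them.
SIG_PREFIX = "sha256="


def sign(secret: bytes, raw_body: bytes) -> str:
    """Compute the hex HMAC-SHA256 of the exact bytes received on the wire."""
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def verify_webhook(secret: bytes, raw_body: bytes, header_value) -> bool:
    """Return True only if header_value is a valid signature for raw_body."""
    if not header_value:
        return False  # unsigned request: reject, never fall through
    candidate = header_value.strip()
    if candidate.startswith(SIG_PREFIX):
        candidate = candidate[len(SIG_PREFIX):]
    expected = sign(secret, raw_body)
    # compare_digest is constant-time, so a mismatch leaks no timing signal
    return hmac.compare_digest(expected.encode(), candidate.lower().encode())


def handle_delivery(secret: bytes, raw_body: bytes, header_value):
    """Verify first, parse second. Returns the event dict or None if rejected."""
    if not verify_webhook(secret, raw_body, header_value):
        return None
    return json.loads(raw_body)


# Constructed sample data (not a real BleedWatch payload or secret)
SECRET = b"example-signing-secret"
BODY = b'{"event":"finding.new","severity":"critical","id":"sample-1"}'
GOOD_SIG = SIG_PREFIX + sign(SECRET, BODY)

if __name__ == "__main__":
    print(handle_delivery(SECRET, BODY, GOOD_SIG))
    print(handle_delivery(SECRET, BODY + b" ", GOOD_SIG))  # tampered body
```

Compute the HMAC over the raw request bytes before any JSON parsing or re-serialization, since re-encoding can change whitespace or key order and break the comparison.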
Configuration Options
| Option | Description |
|---|---|
| Protocol | webhook, syslog_udp, syslog_tcp, syslog_tls |
| Format | JSON or CEF |
| Severity Filter | Only forward events at or above a severity threshold |
| Event Filter | Choose event types: finding.new, finding.status_changed, finding.resolved |
| Max Retries | Number of retry attempts on delivery failure (0–10) |
| TLS CA PEM | Custom CA certificate for syslog_tls connections |
CVE Alerts
Settings → CVE Alerts — Get notified when new CVEs affect your dependencies.
CVE Alerts require a Starter plan or above.
Configuration
| Setting | Options |
|---|---|
| Severity threshold | Critical only / Critical + High / Critical + High + Medium / All |
| Channel | Email (Slack and webhook coming soon) |
| Recipients | Up to 10 email addresses |
| Digest frequency | Determined by your plan (daily for Starter, real-time for Premium) |
BleedWatch checks NVD and OSV databases for new CVEs matching your dependency inventory and sends digests at the configured frequency.
Activity Log
Settings → Activity — Tamper-evident audit log of all actions in your account.
Every event is timestamped and attributed to a specific user:
| Event Type | Example |
|---|---|
| finding_created | New finding detected by scanner |
| status_changed | Finding status updated (open → resolved) |
| comment_added | Team member added a note to a finding |
| alert_sent | Alert notification dispatched |
| alert_delivered | Alert confirmed delivered to destination |
| report_generated | Report created or exported |
| validity_checked | Secret validation (SaintScan) completed |
| scan_completed | Scan cycle finished |
| scan_started | Scan cycle initiated |
| share_link_created | Shared link generated for a finding/report |
| share_link_revoked | Shared link revoked |
| shared_link_success | Shared link was accessed |
Filtering the Activity Log
- By action type — Dropdown to select specific event types
- By date range — From/to date pickers
- By keyword — Search descriptions for specific terms
- Pagination — 30 events per page, cursor-based
The audit log is append-only — entries cannot be modified or deleted. This makes it suitable as compliance evidence for SOC 2, ISO 27001, and NIS2 audit trail requirements.
Shared Links
Settings → Shared Links — Manage public links for sharing findings or reports with external stakeholders.
Shared links can include:
| Option | Description |
|---|---|
| Password protection | Require a password to access the link |
| Max views | Limit the number of times the link can be opened |
| Expiration | Auto-expire after a specified date |
The shared links table shows each link's resource type (Finding, Report, Scan), view count, last accessed time, and allows revocation.
Shared links make finding or report data accessible outside your organization. Use password protection and expiration dates for sensitive data. Revoke links when they're no longer needed.
Status Widget
Settings → Status Widget — Embed a security status badge on your website, status page, or internal wiki.
Widget Options
| Setting | Description |
|---|---|
| Theme | Dark or light |
| Show finding counts | Display critical/high finding counts |
| Show last scan | Display the last scan timestamp |
| Custom label | Override the default company name label |
Embed Formats
| Format | Use Case |
|---|---|
| HTML iframe | Embed on any webpage (customizable width/height) |
| Markdown badge | Add to README files or documentation |
| API endpoint | Query status data programmatically for custom dashboards |
The widget auto-refreshes — it always shows current data.
Embed Widgets
Settings → Embeds — Create embeddable security widgets for SOC dashboards, intranets, or Confluence pages.
Available Widgets
| Widget | What It Shows |
|---|---|
| Threat Ticker | Scrolling feed of recent security events |
| Risk Score | Current organizational risk score with trend |
| Findings Counter | Real-time count of open findings by severity |
Creating an Embed Token
- Click Create Token
- Name the token (e.g., "SOC Dashboard")
- Select widget scopes (which widgets this token can render)
- Optional: set an allowed origin (CORS restriction)
- Copy the token and iframe snippet
Each token can be scoped to specific widgets and restricted to specific origins for security. Tokens can be revoked at any time.
Usage & Bandwidth
Settings → Usage — Monitor your scan bandwidth consumption and plan limits.
Dashboard Sections
| Section | What It Shows |
|---|---|
| Bandwidth | Percent used, progress bar, used/limit bytes, overage alerts |
| Scan Activity | Total scans, cache hits, cache hit rate |
| Plan Projection | Projected end-of-month usage, days remaining |
| Daily Chart | 30-day bandwidth consumption bar chart |
| Scanner Breakdown | Bytes consumed per scanner type (Docker, GitHub, npm, etc.) |
| Top Consumers | Assets consuming the most bandwidth |
| Effective Limits | Monthly limit, max scan size, concurrent limits, rate limits |
| Alert History | Threshold-based bandwidth alerts |
The usage page helps you stay within plan limits and identify which assets or scanner types consume the most bandwidth.
AI Copilot Settings
Settings → Copilot — Configure AI Copilot behavior and access controls. See the AI Copilot documentation for feature details.
Key admin controls:
| Setting | Description |
|---|---|
| Insight Mode | Master toggle for the AI engine |
| Admin Approval | Require admin sign-off for new views |
| Query Limits | Daily query cap and max saved views |
| Data Embargo | Delay (hours) before AI can access new data |
| Datasource Blocklist | Prevent AI from querying specific data categories |
| Component Blocklist | Prevent AI from generating specific visualization types |
| Audit Chain | Verify integrity of the AI query audit log |
Integrations Summary
| Integration | Where to Configure |
|---|---|
| GitHub App (Shield) | Shield → Connect GitHub |
| Slack | Alerts → Channel configuration |
| SIEM (Splunk, Datadog, etc.) | Settings → SIEM |
| Webhooks | Settings → SIEM (custom webhook template) |
| Settings → CVE Alerts or Alerts | |
| Jira | Sentinel → Integrations |
| Linear | Sentinel → Integrations |
| Microsoft Teams | Sentinel → Integrations |
Billing & Subscription
Manage your plan, payment method, and invoices from Settings → Billing. Plan changes take effect immediately — upgrades are prorated, downgrades apply at the next billing cycle.
Related
- Alerts — Configure alert delivery channels
- Workflows — Automate alert routing and response
- AI Copilot — AI-powered data querying
- Shield — GitHub App integration for CI/CD scanning
- Reports — Generate and export security reports