Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/owasp/nest/llms.txt

Use this file to discover all available pages before exploring further.

NestBot registers a dedicated slash command for each feature area. All commands are handled at the /integrations/slack/commands/ endpoint and respond with a private direct message to the invoking user.
Command responses are sent as direct messages so they don’t clutter shared channels. Feedback prompts are included in most responses so you can tell the team how helpful the output was.

How commands work

Every command class inherits from CommandBase (backend/apps/slack/commands/command.py). When you run a slash command:
  1. Slack sends a POST request to the commands endpoint.
  2. Slack Bolt dispatches the payload to the matching handler class.
  3. The handler calls render_blocks(), which renders a Jinja2 template with context data.
  4. The rendered Block Kit JSON is sent back as a direct message via client.chat_postMessage.
If an error occurs, the bot sends a :warning: An error occurred. Please try again later. message instead of failing silently.

Command reference

Ask the NestBot AI assistant any OWASP-related question. The assistant uses the Nest knowledge base to provide contextual answers.
/ai <your question>
Examples:
/ai What is the OWASP Top 10?
/ai How do I get started contributing to OWASP?
Displays information about the OWASP Global Board of Directors, including current members and their roles.
/board
Search for OWASP chapters by name or location. Run without arguments to browse all chapters, or pass a search term to filter results.
/chapters
/chapters <search term>
/chapters --help
Examples:
/chapters London
/chapters --start
Returns up to 10 matching chapters with metadata and timestamps.
Lists active OWASP committees with descriptions and contact information.
/committees
/committees <name>
Overview of the OWASP community, key channels, and ways to get involved.
/community
Provides official OWASP contact details and support channels.
/contact
Surfaces open contribution opportunities across OWASP projects. Search by keyword or run without arguments to see current opportunities.
/contribute
/contribute <search term>
/contribute --help
Examples:
/contribute documentation
/contribute Python
Returns up to 10 results with project metadata and issue summaries.
Lists upcoming OWASP events including AppSec conferences and chapter meetings.
/events
Provides GSoC information for OWASP. Run without arguments for a general overview, or pass a year to see projects for that specific programme.
/gsoc
/gsoc <year>
Examples:
/gsoc
/gsoc 2024
/gsoc 2025
Supported years: 2012–2026. For years with announcements, a link to the official GSoC announcement is included. Projects are sorted alphabetically by name.
Lists security-related job opportunities from the OWASP jobs board.
/jobs
Look up OWASP leaders by name, chapter, or project.
/leaders <name/chapter/project>
Examples:
/leaders OWASP Nest
/leaders London
Returns the latest OWASP news, blog posts, and announcements.
/news
General information about OWASP: mission, projects, and how to get involved.
/owasp
/owasp --help
Returns links to official OWASP policies and procedures documentation.
/policies
Searches the OWASP project directory. Provide a search term to filter results, or run without arguments to browse all projects.
/projects
/projects <search query>
Examples:
/projects OWASP Top 10
/projects dependency track
/projects mobile
Returns up to 10 matching projects with summaries, metadata, and timestamps. Project names are truncated at 80 characters and summaries at 300 characters.
Displays information about OWASP staff and the organisational structure.
/staff
Look up OWASP Slack users by name or username.
/users <user>
Example:
/users Jane Doe

Adding a new command

To add a new slash command:
  1. Create a new file in backend/apps/slack/commands/, for example mycommand.py.
  2. Define a class that inherits from CommandBase. The class name determines the command name (e.g. class MyCommand registers /mycommand).
  3. Override get_context() or render_blocks() if the command needs dynamic data.
  4. Create a corresponding Jinja2 template at backend/apps/slack/templates/commands/my_command.jinja.
  5. Add the command to backend/apps/slack/MANIFEST.yaml so Slack knows to route it to the bot.
# backend/apps/slack/commands/mycommand.py
from apps.slack.commands.command import CommandBase

class Mycommand(CommandBase):
    """Slack bot /mycommand command."""
    # Override get_context() to pass data to your template.
CommandBase.configure_commands() discovers and registers all subclasses automatically at startup — no additional wiring is required.