Email Notifications
CodeStax sends email notifications to keep your team informed about security findings, scan completions, and account events.
Email Types
CodeStax sends 14 types of email notifications:
Security & Scan Events
| Email Type | Trigger | Default |
|---|---|---|
| Critical Finding Alert | A critical-severity vulnerability is found | Enabled |
| Scan Completed | A scan finishes successfully | Enabled |
| Scan Failed | A scan encounters an error | Enabled |
Digest & Usage
| Email Type | Trigger | Default |
|---|---|---|
| Weekly Digest | Weekly summary of findings across all repos | Enabled |
| Usage Limit Warning | An account is approaching a plan usage limit | Enabled |
Account & Team Events
| Email Type | Trigger | Default |
|---|---|---|
| Email Verification | A new account needs to confirm its email address | Enabled |
| Welcome | A new account has been created | Enabled |
| Password Reset | A password reset is requested | Enabled |
| Password Changed | An account password is changed | Enabled |
| Team Invitation | You are invited to join an organization | Enabled |
| Invitation Accepted | An invited member accepts and joins | Enabled |
| Plan Changed | Organization plan is changed | Enabled |
| Account Deactivated | An account is deactivated | Enabled |
| Account Reactivated | A previously deactivated account is reactivated | Enabled |
Configuration
Per-User Preferences
Each user can configure their notification preferences:
- Go to Settings → Notifications
- Toggle each email type on or off
- Click Save
Some transactional emails (such as email verification and password reset) are essential to account security and access and are sent regardless of preference.
Organization-Level Policies
Organization admins can set notification policies that apply to all members:
- Go to Settings → Policies → Notifications
- Set which notifications are force-enabled for all members
- Set notification recipients for security alerts (additional emails beyond the triggering user)
Per-Repository Overrides
Override notification settings for specific repositories:
- Go to Repository Settings → Notifications
- Toggle notifications for that repo only
- Add additional recipients specific to that repository
Email Delivery
Reliability
- Emails are queued and retried automatically on failure with exponential backoff
- Failed deliveries are logged and visible in Settings → Email Logs (admin only)
Email Content
Security Alert Emails Include:
- Finding severity and type
- Affected file and line number
- Repository name and branch
- Direct link to the finding in the dashboard
- Recommended fix summary
Digest Emails Include:
- Summary counts by severity
- Top 5 new findings since last digest
- DORA metric snapshot
- Link to the full dashboard
Unsubscribing
Every email includes an unsubscribe link in the footer. Clicking it disables that specific email type for your account. You can re-enable it anytime from Settings → Notifications.