Email Notifications
CodeStax sends email notifications to keep your team informed about security findings, scan completions, and account events.
Email Types
CodeStax sends 14 types of email notifications:
Security Alerts
| Email Type | Trigger | Default |
|---|---|---|
| Critical Finding Alert | A critical-severity vulnerability is found | Enabled |
| Secret Detected | A leaked secret or credential is found in code | Enabled |
| Quality Gate Failed | A scan or PR review fails the quality gate | Enabled |
| New CVE Alert | A newly published CVE affects your dependencies | Enabled |
Scan Events
| Email Type | Trigger | Default |
|---|---|---|
| Scan Completed | A scan finishes successfully | Disabled |
| Scan Failed | A scan encounters an error | Enabled |
| PR Review Completed | A PR review finishes with results | Disabled |
| Scheduled Scan Summary | Daily/weekly digest of scheduled scan results | Disabled |
Account & Team Events
| Email Type | Trigger | Default |
|---|---|---|
| Team Invitation | You are invited to join an organization | Always on |
| Member Joined | A new member accepts an invitation | Enabled |
| Role Changed | Your role in an organization is updated | Always on |
| Plan Upgraded | Organization plan is upgraded | Enabled |
| Plan Expiring | Subscription is about to expire | Always on |
| Weekly Security Digest | Weekly summary of findings across all repos | Disabled |
Configuration
Per-User Preferences
Each user can configure their notification preferences:
- Go to Settings → Notifications
- Toggle each email type on or off
- Click Save
“Always on” notifications cannot be disabled because they relate to account security and access.
Organization-Level Policies
Organization admins can set notification policies that apply to all members:
- Go to Settings → Policies → Notifications
- Set which notifications are force-enabled for all members
- Set notification recipients for security alerts (additional emails beyond the triggering user)
Per-Repository Overrides
Override notification settings for specific repositories:
- Go to Repository Settings → Notifications
- Toggle notifications for that repo only
- Add additional recipients specific to that repository
Email Delivery
Reliability
- Emails are queued and retried automatically on failure with exponential backoff
- Failed deliveries are logged and visible in Settings → Email Logs (admin only)
Email Content
Security Alert Emails Include:
- Finding severity and type
- Affected file and line number
- Repository name and branch
- Direct link to the finding in the dashboard
- Recommended fix summary
Digest Emails Include:
- Summary counts by severity
- Top 5 new findings since last digest
- DORA metric snapshot
- Link to the full dashboard
Unsubscribing
Every email includes an unsubscribe link in the footer. Clicking it disables that specific email type for your account. You can re-enable it anytime from Settings → Notifications.