Skip to main content
NestBot is the official Slack bot for OWASP Nest. It is built on Slack Bolt for Python and runs as a standard Django app inside the Nest backend, giving it full access to the Django ORM, settings, and async job queues.

What NestBot does

NestBot gives OWASP community members a conversational interface directly inside Slack. Members can search projects, find nearby chapters, explore Google Summer of Code opportunities, look up leaders, get contribution ideas, and ask AI-powered questions — all without leaving their Slack workspace.

Slash commands

Twenty slash commands covering projects, chapters, GSoC, jobs, events, and more.

Event handlers

Responds to workspace events such as new members joining, app mentions, and messages.

AI assistant

Answers OWASP-related questions in channels where the assistant is enabled.

Home tab

A personalised app home rendered with Slack Block Kit when a user opens the bot.

Adding NestBot to your workspace

Never install your development Slack application in the OWASP Slack workspace. Doing so interferes with production functionality and triggers unnecessary notifications to Slack admins. Always use a separate workspace during development.
For OWASP community members, NestBot is already available in the OWASP Slack workspace. Open any channel and type /projects or any other slash command to start using it. To install NestBot in your own workspace for development purposes, follow the NestBot development setup instructions.

Architecture

NestBot is a Django app located at backend/apps/slack/. It is registered in INSTALLED_APPS alongside every other Nest Django app. At startup, Django initialises SlackConfig, which creates the Slack Bolt App instance and registers all command and event handlers. Requests from Slack arrive at two endpoints served by Django:
EndpointPurpose
/integrations/slack/commands/Slash command payloads
/integrations/slack/events/Event subscription payloads
/integrations/slack/interactivity/Interactive component payloads (button clicks, modals)
Slack Bolt dispatches each incoming payload to the matching handler. Handlers render Jinja2 templates that produce Slack Block Kit JSON, which is sent back to Slack via slack_sdk.WebClient.

Directory structure

backend/apps/slack/
├── actions/          # Handlers for interactive components (button clicks, modals)
├── commands/         # Slash command handlers (one file per command)
├── events/           # Event handlers (app_mention, team_join, etc.)
│   └── member_joined_channel/   # Channel-specific join handlers
├── models/           # Django models: Workspace, Conversation, Member, Message
└── templates/        # Slack Block Kit Jinja2 templates
    ├── commands/     # One .jinja file per slash command
    └── events/       # One .jinja file per event handler
Each command or event is a Python class that inherits from CommandBase or EventBase. These base classes handle template loading, block rendering, error logging, and Slack API calls, so individual handlers only need to override get_context() or render_blocks() when they require custom logic.

Tech stack

ComponentTechnology
Bot frameworkSlack Bolt for Python
Slack API clientslack_sdk
Web frameworkDjango
Template engineJinja2
Message formatSlack Block Kit JSON
Async jobsDjango RQ (Redis Queue)

Build docs developers (and LLMs) love

Get started for freeTalk to us