Skip to main content
Configure webhooks to receive real-time notifications when events occur in CodeThreat.

Create Webhook

1

Navigate to Webhooks

Organization SettingsWebhooks
2

Create Webhook

Click Create Webhook
3

Configure

Set webhook properties:
  • URL: Your endpoint URL
  • Events: Which events to receive
  • Secret: Optional signing secret
4

Save

Click Create

Available Events

scan.completed: Scan finished scan.failed: Scan encountered error violation.created: New violation found violation.fixed: Violation marked as fixed repository.connected: Repository added member.invited: Team member invited member.added: Team member joined

Webhook Payload

Example payload: 
{
  "event": "scan.completed",
  "timestamp": "2024-03-15T14:32:18Z",
  "data": {
    "scan_id": "scan_123",
    "repository": "myapp",
    "status": "COMPLETED",
    "violations": {
      "critical": 2,
      "high": 5,
      "medium": 12,
      "low": 8
    }
  }
}

Verify Webhook Signatures

Verify webhooks using HMAC signature: 
import hmac
import hashlib

def verify_signature(payload, signature, secret):
    expected = hmac.new(
        secret.encode(),
        payload.encode(),
        hashlib.sha256
    ).hexdigest()
    return hmac.compare_digest(expected, signature)

What’s Next?

API Keys

Create API keys

CI/CD Integration

Integrate with CI/CD