A webhook allows Veracode Software Composition Analysis to notify you when certain events occur in your project. When the event is triggered, Veracode sends an HTTP POST request with a payload to your configured URL.
Adding a Webhook to a Project
Navigate to your project in the Veracode Platform. Click the Settings action to open the Project Settings page. Click Notifications in the left navigation, as seen below. Click to enter your payload URL and the events to which you want to subscribe.
Note: The payload URL must be accessible from the internet and accept
HTTP HEAD requests.
Events
These events can trigger notifications:
Event | Description |
---|---|
Scan | When a project has been scanned successfully. |
Vulnerability issues discovered in project library after a scan | When a Veracode researcher has released a new vulnerability that affects your project |
Vulnerability issues changed in project library after a scan | When a Veracode researcher has updated a vulnerability that affects your project |
Payload
Each event will trigger a particular type of payload with the relevant information. The following are examples of the payloads that you can expect from each event.
- Event: scan success
{ "event": "SCAN_SUCCESS", "organization": { "id": 310, "name": "Veracode", "planType": "ENTERPRISE" }, "workspace": { "id": 4788, "name": "Webhooks" }, "user": { "id": 2910, "name": "John Smith" }, "scan": { "id": 1099430, "commit": "2bedd63b8e3019121c89108bfccb2421b08e28e9", "branch": "New_demo_branch", "tag": null, "reportLink": "<LINK TO REPORT>", "vulnIssuesCount": 31, "outofDateIssuesCount": 9, "licenseIssuesCount": 0 }, "project": { "id": 20757, "name": "example-javascript" } }
- Event: vulnerability issues
discovered
{ "event": "VULN_ISSUES_DISCOVERED_AFTER_SCAN", "organization": { "id": 310, "name": "Veracode", "planType": "ENTERPRISE" }, "workspace": { "id": 4788, "name": "Webhooks" }, "user": null, "issues": [ { "id": 111967, "status": "NEW", "issueUrl": "<LINK TO ISSUE>", "vuln": { "id": 16462, "title": “Title of vulnerability", "cvssScore": 4.3, "cvss3Score": 5.9, "cve": null, "cveStatus": "NA", "stage": "RELEASED", "disclosureDate": null, "hasExploits": false, "vulnerabilityTypes": [], "overview": null } } ], "project": { "id": 20757, "name": "example-javascript" } }
- Event: vulnerability issues
changed
{ "event": "VULN_ISSUES_CHANGED_AFTER_SCAN", "organization": { "id": 310, "name": "Veracode", "planType": "ENTERPRISE" }, "workspace": { "id": 4788, "name": "Webhooks" }, "user": null, "issues": [ { "id": 111967, "status": "RESOLVED", "issueUrl": “<LINK TO ISSUE>”, "vuln": { "id": 16462, "title": "Title of vulnerability", "cvssScore": 7.8, "cvss3Score": 5.9, "cve": null, "cveStatus": "NA", "stage": "RELEASED", "disclosureDate": null, "hasExploits": false, "vulnerabilityTypes": [], "overview": null } } ], "project": { "id": 20757, "name": "example-javascript" } }