Webhook Integration

Send DryRun Security events to any webhook endpoint for custom integrations.

Overview

DryRun Security supports webhook integration, allowing you to send security events to any HTTP endpoint. Use webhooks to integrate DryRun Security with custom dashboards, ticketing systems, SIEMs, or any other tool in your security workflow.

Configuring Webhooks

Navigate to the DryRun Security dashboard.
Go to Settings > Integrations > Webhooks.
Click Add Webhook.
Enter the URL of your webhook endpoint.
Select which events should trigger the webhook:
- New Finding - Triggered when a new vulnerability is discovered.
- Finding Resolved - Triggered when a finding is fixed or dismissed.
- Scan Complete - Triggered when a PR scan or DeepScan finishes.
- Policy Violation - Triggered when a custom code policy is violated.
Optionally configure a secret token for request signature verification.
Click Save.

Payload Format

Webhook payloads are sent as HTTP POST requests with a JSON body. Each payload includes:

{
  "event": "new_finding",
  "timestamp": "2026-01-15T10:30:00Z",
  "repository": "org/repo-name",
  "pull_request": 42,
  "finding": {
    "id": "finding-uuid",
    "severity": "high",
    "category": "xss",
    "title": "Cross-Site Scripting in user input handler",
    "file": "src/handlers/input.py",
    "line": 127,
    "description": "User input is rendered without escaping..."
  }
}