Docs/Integrations/Webhook Integration

Webhook Integration

Receive a POST request to any HTTP endpoint when DryRun Security detects a finding on a pull request.

Overview

DryRun Security sends a webhook POST request to a configured endpoint when a finding is detected on a pull request. Use this to route finding data to custom dashboards, ticketing systems, SIEMs, or automation tools.

Webhook setup is a two-step process: first create the webhook in Integrations, then attach it to a configuration to activate it for specific repositories.

Step 1: Create a Webhook

  1. In the left nav of the DryRun Security dashboard, click Integrations.
  2. Find the Generic Webhook entry and click Details.
  3. Click Add Webhook +.
  4. Enter a Name for the webhook.
  5. Enter the Webhook URL of your endpoint.
  6. Select a Risk Level. Findings at the selected severity and above will trigger the webhook.
Risk LevelFindings included
AllAll findings regardless of severity
MediumMedium, High, and Critical
HighHigh and Critical
CriticalCritical only
  1. Use the Enabled toggle to activate or pause the webhook at any time.
  2. Check Global to trigger this webhook for all repositories, regardless of configuration. Leave it unchecked to activate it only through specific configurations (see Step 2).
  3. Click Save.

Step 2: Activate for Repositories

A webhook only fires for repositories included in a configuration with notifications enabled. To attach your webhook to a configuration:

  1. Navigate to Configurations in the dashboard.
  2. Click Edit on an existing configuration.
  3. Toggle Notifications Enabled on.
  4. In the Select Integrations dropdown, choose the webhook you created in Step 1.
  5. Click Save at the bottom of the page.

The webhook will now fire for any PR finding in the repositories covered by that configuration.

If you have not created a webhook yet, click Add + on the Configurations page to go directly to the Generic Webhook setup page.

Payload Format

DryRun Security sends an HTTP POST with a JSON body to your endpoint when a finding is detected.

{
  "event": "new_finding",
  "timestamp": "2026-01-15T10:30:00Z",
  "repository": "org/repo-name",
  "pull_request": 42,
  "finding": {
    "id": "finding-uuid",
    "severity": "high",
    "category": "xss",
    "title": "Cross-Site Scripting in user input handler",
    "file": "src/handlers/input.py",
    "line": 127,
    "description": "User input is rendered without escaping..."
  }
}