Policies and webhooks
Policies
Policies automate responses to findings based on conditions.
Structure
A policy consists of:

- Trigger: the event that activates the policy
- Conditions: filters (severity, scanner, application)
- Actions: what to do when triggered
```http
POST /api/policies
Content-Type: application/json

{
  "name": "Auto-assign critical findings",
  "trigger": "finding.created",
  "conditions": {
    "severity": ["critical", "high"]
  },
  "actions": [
    {
      "type": "assign",
      "params": { "user_id": "security-lead-uuid" }
    }
  ]
}
```
Available actions

| Action | Description |
|---|---|
| change_status | Automatically transition finding status |
| assign | Assign finding to a user |
| webhook | Fire a webhook with finding data |
| comment | Add an auto-generated comment |
Webhooks
Webhooks send HTTP callbacks when events occur.
```http
POST /api/applications/{id}/webhooks
Content-Type: application/json

{
  "url": "https://hooks.slack.com/services/...",
  "events": ["finding.created", "finding.updated"],
  "secret": "optional-hmac-secret"
}
```
Supported events

| Event | Description |
|---|---|
| finding.created | A new finding was ingested |
| finding.updated | Finding status or assignment changed |
| scan.completed | A scan finished processing |
Each webhook payload is signed with HMAC-SHA256 when a secret is configured (header: X-Servasec-Signature).
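
A receiver-side check for the signature described above, written as an added example (not the product's own code). The page does not specify the signature encoding or the payload layout, so the hex encoding, the tolerated `sha256=` prefix and the `event` field name are assumptions; the sample delivery is constructed.

```python
import hashlib
import hmac
import json

SIGNATURE_HEADER = "X-Servasec-Signature"  # header name from the page
EXPECTED_EVENTS = {"finding.created", "finding.updated", "scan.completed"}


class RejectedDelivery(Exception):
    """Raised when a delivery must not be processed."""


def sign(secret: bytes, raw_body: bytes) -> str:
    # ASSUMPTION: hex-encoded HMAC-SHA256 over the exact request body bytes.
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def verify_signature(secret: bytes, raw_body: bytes, header_value) -> bool:
    if not secret or not header_value:
        return False  # fail closed: unsigned deliveries are never accepted
    received = header_value.strip().lower()
    if received.startswith("sha256="):  # ASSUMPTION: tolerate a scheme prefix
        received = received[len("sha256="):]
    # compare_digest avoids leaking, via timing, where the digests differ.
    return hmac.compare_digest(sign(secret, raw_body).encode(), received.encode())


def handle_delivery(secret: bytes, headers: dict, raw_body: bytes) -> dict:
    # HTTP header names are case-insensitive, so normalise before lookup.
    lowered = {k.lower(): v for k, v in headers.items()}
    if not verify_signature(secret, raw_body, lowered.get(SIGNATURE_HEADER.lower())):
        raise RejectedDelivery("bad or missing signature")
    # Parse only after authentication, and verify over the raw bytes:
    # re-serialised JSON will not reproduce the signed byte string.
    payload = json.loads(raw_body)
    # ASSUMPTION: the payload is an object carrying the event name in "event".
    if not isinstance(payload, dict) or payload.get("event") not in EXPECTED_EVENTS:
        raise RejectedDelivery("unexpected event type")
    return payload


# Constructed sample delivery (not real product output).
SECRET = b"constructed-test-secret"
BODY = b'{"event": "finding.created", "finding": {"severity": "critical"}}'
HEADERS = {"x-servasec-signature": sign(SECRET, BODY)}
```

Because the `secret` field is optional, a receiver that acts on findings should be registered with one and should reject any delivery that arrives without a valid signature.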