
Policies and webhooks

Policies

Policies automate responses to findings based on conditions.

Structure

A policy consists of:

- Trigger: the event that activates the policy
- Conditions: filters on the finding (severity, scanner, application)
- Actions: what to do when the policy fires

POST /api/policies
Content-Type: application/json

{
  "name": "Auto-assign critical findings",
  "trigger": "finding.created",
  "conditions": {
    "severity": ["critical", "high"]
  },
  "actions": [
    {
      "type": "assign",
      "params": { "user_id": "security-lead-uuid" }
    }
  ]
}

Available actions

| Action | Description |
|---|---|
| change_status | Automatically transition finding status |
| assign | Assign finding to a user |
| webhook | Fire a webhook with finding data |
| comment | Add an auto-generated comment |
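The following is an added example, not Servasec's own code, showing how the three parts of a policy interact when a stream of finding events is evaluated: the trigger is checked first, then the conditions, and only then are the actions returned. The matching semantics are an assumption (every key in conditions must match the finding, and a list value means "any of these"); the sample events are constructed, and the user_id is the placeholder from the page.

```python
"""Added example (not Servasec's own code): evaluate a policy definition
against finding events.  Matching semantics are an assumption: every key in
"conditions" must match the finding, and a list value means "any of these"."""
import json
from typing import Any, Dict, List

# Policy definition taken from the page (user_id is the page's placeholder).
POLICY_JSON = """{
  "name": "Auto-assign critical findings",
  "trigger": "finding.created",
  "conditions": { "severity": ["critical", "high"] },
  "actions": [ { "type": "assign", "params": { "user_id": "security-lead-uuid" } } ]
}"""

# Constructed sample events; field names beyond "severity" are assumptions.
SAMPLE_EVENTS: List[Dict[str, Any]] = [
    {"event": "finding.created", "finding": {"id": "f-1", "severity": "critical", "scanner": "sast"}},
    {"event": "finding.created", "finding": {"id": "f-2", "severity": "low", "scanner": "sast"}},
    # Severity would match, but the trigger is finding.updated, so the policy must not fire.
    {"event": "finding.updated", "finding": {"id": "f-3", "severity": "high", "scanner": "sca"}},
]


def conditions_match(conditions: Dict[str, Any], finding: Dict[str, Any]) -> bool:
    """Every condition key must be present on the finding and hold an allowed value."""
    for key, wanted in conditions.items():
        allowed = wanted if isinstance(wanted, list) else [wanted]
        if finding.get(key) not in allowed:
            return False
    return True


def evaluate(policy: Dict[str, Any], event: Dict[str, Any]) -> List[Dict[str, Any]]:
    """Return the policy's actions if the event fires it, otherwise an empty list."""
    if event.get("event") != policy["trigger"]:
        return []                       # wrong trigger: conditions are never consulted
    if not conditions_match(policy.get("conditions", {}), event.get("finding", {})):
        return []
    return list(policy["actions"])


def matching_finding_ids(policy: Dict[str, Any], events: List[Dict[str, Any]]) -> List[str]:
    """IDs of the findings for which the policy produced at least one action."""
    return [e["finding"]["id"] for e in events if evaluate(policy, e)]


if __name__ == "__main__":
    policy = json.loads(POLICY_JSON)
    for ev in SAMPLE_EVENTS:
        print(ev["finding"]["id"], "->", [a["type"] for a in evaluate(policy, ev)])
```

Note that f-3 is "high" severity but arrives on finding.updated, so a policy registered on finding.created never sees it; a second policy (or a second trigger) is needed if status changes on existing high findings should also be assigned.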

Webhooks

Webhooks send HTTP callbacks when events occur.

POST /api/applications/{id}/webhooks
Content-Type: application/json

{
  "url": "https://hooks.slack.com/services/...",
  "events": ["finding.created", "finding.updated"],
  "secret": "optional-hmac-secret"
}

Supported events

| Event | Description |
|---|---|
| finding.created | A new finding was ingested |
| finding.updated | Finding status or assignment changed |
| scan.completed | A scan finished processing |

Each webhook payload is signed with HMAC-SHA256 when a secret is configured (header: X-Servasec-Signature).
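As an added example (not Servasec's own code), here is the receiving side: a handler that verifies the X-Servasec-Signature header before it trusts the payload. The page states only that the signature is HMAC-SHA256 with the configured secret; the exact encoding (a hex digest over the raw request body) is an assumption made here, so adjust the sign function if the actual format differs. The delivery below is constructed.

```python
"""Added example (not Servasec's own code): verify X-Servasec-Signature on an
incoming webhook.  Assumed format: hex-encoded HMAC-SHA256 over the raw body."""
import hashlib
import hmac
import json
from typing import Any, Dict, Optional

SIGNATURE_HEADER = "X-Servasec-Signature"   # header name from the page


def sign(secret: bytes, body: bytes) -> str:
    """HMAC-SHA256 over the raw request body, hex-encoded (assumed format)."""
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


def get_header(headers: Dict[str, str], name: str) -> str:
    """Case-insensitive header lookup; HTTP header names are not case-sensitive."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return ""


def verify(secret: bytes, headers: Dict[str, str], body: bytes) -> bool:
    """True only when the header carries a valid signature for this exact body."""
    provided = get_header(headers, SIGNATURE_HEADER).strip().lower()
    if not provided:
        return False                    # unsigned deliveries are rejected outright
    expected = sign(secret, body)
    # compare_digest avoids leaking how many leading bytes matched via timing.
    return hmac.compare_digest(expected, provided)


def handle_webhook(secret: bytes, headers: Dict[str, str], body: bytes) -> Optional[Dict[str, Any]]:
    """Return the parsed event on a valid signature, or None to drop the delivery."""
    if not verify(secret, headers, body):
        return None
    return json.loads(body)             # parse only after the raw bytes are authenticated


# Constructed delivery: the secret value is the one shown in the registration example.
SECRET = b"optional-hmac-secret"
BODY = json.dumps({"event": "finding.created",
                   "finding": {"id": "f-1", "severity": "critical"}}).encode()
HEADERS = {SIGNATURE_HEADER: sign(SECRET, BODY)}
TAMPERED_BODY = BODY.replace(b"critical", b"low")   # same signature, altered content

if __name__ == "__main__":
    print("valid:   ", handle_webhook(SECRET, HEADERS, BODY))
    print("tampered:", handle_webhook(SECRET, HEADERS, TAMPERED_BODY))
    print("no secret match:", handle_webhook(b"other-secret", HEADERS, BODY))
```

Two details matter in practice: verify over the raw bytes as received, since re-serialising parsed JSON changes whitespace and key order and the MAC will no longer match; and because the secret is optional at registration time, a receiver that skips verification when no header is present accepts anything that can reach its URL, so treat the secret as required on the receiving side.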