Skip to main content
Webhooks enable real-time communication between different systems or applications over the internet. They allow one application to send data to another application as soon as a specific event or a trigger occurs. Use webhooks to integrate Endor Labs with applications such as Slack, Microsoft Teams or more, and instantly get notified about projects when scans violate your configured policies. When events occur, Endor Labs sends HTTPS POST requests to URLs of your configured events, with all the information you need.

Configure a webhook integration

Set up a custom integration with Endor Labs webhooks.
  1. Select User menu > Integrations from the left sidebar.
  2. Under Notifications, click Add on the Webhook card. If you already have a webhook integration, click Manage instead.
  3. Click Add Notification Integration. Send Notifications to Webhook appears.
  4. Enter a Name and Description for this integration.
  5. In URL endpoint for webhook, enter the URL of your webhook receiver.
  6. Choose an Auth method of None, Basic, or API Key, then enter its credentials. Basic authentication uses Username and Password. API key authentication uses API Key. Make sure the credentials grant permission to post to your receiver.
  7. If you chose Basic or API Key, HMAC signing is on by default. Enter an HMAC Shared Key, or select Disable HMAC Integration Check to turn it off. When HMAC is on, Endor Labs signs the request body and sends the signature in the X-Endor-HMAC-Signature header so your receiver can verify that the request is authentic. HMAC is not available for None auth.
  8. Optional: Under Custom Headers, click Add Header, then enter a Header name and Header value. You can add up to 20 headers.
    Use custom headers to pass vendor-specific API keys required by your webhook receiver. Endor Labs includes custom headers in every webhook request, regardless of the authentication method used.
  9. Optional: Select Propagate this notification target to all child namespaces to make this integration available in child namespaces.
  10. Click Add Notification Integration to save the integration.

Associate an action policy with the webhook

You can create action policies to trigger webhook notifications when a scan matches policy conditions. For example, send a webhook notification when there is a critical or high vulnerability. To send a webhook when a scan produces matching findings, create an action policy with a Send Notification action that targets your webhook integration. For the full procedure, see Create an action policy. The webhook-specific choices are:
  • Under Choose an Action, select Send Notification.
  • From Select notification targets, choose the webhook integration you created.
From Select aggregation type, choose how findings are grouped into notifications.
  • None (Notify for each Finding) sends a separate notification for each finding.
  • Project sends a single notification for all findings in a project.
  • Dependency sends a notification for every dependency.
  • Dependency per Package Version sends a notification for every unique combination of dependency and package version.

Endor Labs webhook payload

Endor Labs provides the following webhook payload, that you can customize for your needs. You can view all possible payload information in GetFindings REST API endpoint. Expand the spec section in the API response to view all the information. See the following sample notification payload.
If you use Endor Labs with an EU tenant, use https://app.eu.endorlabs.com instead of https://app.endorlabs.com.
In the payload, replace <your-namespace> and <project_uuid> with the values from your Endor Labs tenant. The identifier in each findingURL matches that finding’s uuid.

Payload variations by notification event

Endor Labs sends a webhook for three notification events. The data.message text and the presence of data.findings change with the event.
  • Findings discovered: Endor Labs sends the payload shown above. The data.message field reads <count> findings discovered for project <project> and data.findings lists every finding.
  • New findings added: A later scan finds additional findings. The data.message field reads <count> new findings discovered for project <project> and data.findings lists only the new findings.
  • Findings resolved: A scan resolves all findings. The data.message field reads All findings resolved for project <project> and the payload omits the data.findings array.
The data.policy object is present only when an action policy triggers the notification. The following example shows the payload when a later scan adds new findings. The data.findings array lists only the new findings.
The following example shows the payload when a scan resolves all findings. The payload omits the data.findings array.

Use Endor Labs webhooks to integrate with Slack

If you use Slack as a collaborative tool, integrate Slack channels using webhooks in Endor Labs to publish notifications as messages in the respective channels.

Create incoming webhooks in Slack

Create an incoming webhook to your Slack channel to enable Endor Labs to post notifications in the channel. The webhook provides a unique URL for integrating the channel in Endor Labs. To send messages into Slack using incoming webhooks, see Slack Integration If you have already created an incoming webhook in the channel, copy the unique URL and integrate the channel in Endor Labs.

Customize webhook notification templates

Endor Labs provides you with a default template with standard information for the webhook message. You can use the default template or you can choose to edit and customize this template to fit your organization’s specific requirements. You can also create your own custom templates using Go Templates.
  1. Select User menu > Integrations from the left sidebar.
  2. Under Notifications, click Manage on the Slack card to view the configured notification integrations.
  3. Choose one, click the ellipsis on the right side, and click Edit Template.
  4. Make required changes to any of the following templates and click Save Template.
    • Open - This template applies when Endor Labs raises new notifications.
    • Update - This template applies when an existing notification updates, such as when findings change.
    • Resolve - This template applies when all findings reported by the notification resolve.
  5. Click Restore to Default to revert the changes.
  6. Use the download icon on the top right corner to download this template.
  7. Use the copy icon to copy the information in the template.

Data model

To create custom templates for Webhook notifications, you must understand the data supplied to the template. See the protobuf specification NotificationData message used for the templates. To understand Project, Finding, PackageVersion and RepositoryVersion definitions used in this protobuf specification, see: See the following specification to understand a few additional functions available to the template. You can access these functions by using their corresponding keys.

Webhook handler example for Slack

Create a webhook handler or a cloud function to receive webhook requests generated by Endor Labs, authorize the request, and post messages to your Slack channel. See the following code sample hosted as a cloud function or a webhook handler.