Configure a webhook integration
Set up a custom integration with Endor Labs webhooks.- Select User menu > Integrations from the left sidebar.
- Under Notifications, click Add on the Webhook card. If you already have a webhook integration, click Manage instead.
- Click Add Notification Integration. Send Notifications to Webhook appears.
- Enter a Name and Description for this integration.
- In URL endpoint for webhook, enter the URL of your webhook receiver.
- Choose an Auth method of None, Basic, or API Key, then enter its credentials. Basic authentication uses Username and Password. API key authentication uses API Key. Make sure the credentials grant permission to post to your receiver.
-
If you chose Basic or API Key, HMAC signing is on by default. Enter an HMAC Shared Key, or select Disable HMAC Integration Check to turn it off. When HMAC is on, Endor Labs signs the request body and sends the signature in the
X-Endor-HMAC-Signatureheader so your receiver can verify that the request is authentic. HMAC is not available for None auth. -
Optional: Under Custom Headers, click Add Header, then enter a Header name and Header value.
You can add up to 20 headers.
Use custom headers to pass vendor-specific API keys required by your webhook receiver. Endor Labs includes custom headers in every webhook request, regardless of the authentication method used.
- Optional: Select Propagate this notification target to all child namespaces to make this integration available in child namespaces.
- Click Add Notification Integration to save the integration.
Associate an action policy with the webhook
You can create action policies to trigger webhook notifications when a scan matches policy conditions. For example, send a webhook notification when there is a critical or high vulnerability. To send a webhook when a scan produces matching findings, create an action policy with a Send Notification action that targets your webhook integration. For the full procedure, see Create an action policy. The webhook-specific choices are:- Under Choose an Action, select Send Notification.
- From Select notification targets, choose the webhook integration you created.
- None (Notify for each Finding) sends a separate notification for each finding.
- Project sends a single notification for all findings in a project.
- Dependency sends a notification for every dependency.
- Dependency per Package Version sends a notification for every unique combination of dependency and package version.
Endor Labs webhook payload
Endor Labs provides the following webhook payload, that you can customize for your needs. You can view all possible payload information in GetFindings REST API endpoint. Expand thespec section in the API response to view all the information.
See the following sample notification payload.
If you use Endor Labs with an EU tenant, use
https://app.eu.endorlabs.com instead of https://app.endorlabs.com.<your-namespace> and <project_uuid> with the values from your Endor Labs tenant. The identifier in each findingURL matches that finding’s uuid.
Payload variations by notification event
Endor Labs sends a webhook for three notification events. Thedata.message text and the presence of data.findings change with the event.
- Findings discovered: Endor Labs sends the payload shown above. The
data.messagefield reads<count> findings discovered for project <project>anddata.findingslists every finding. - New findings added: A later scan finds additional findings. The
data.messagefield reads<count> new findings discovered for project <project>anddata.findingslists only the new findings. - Findings resolved: A scan resolves all findings. The
data.messagefield readsAll findings resolved for project <project>and the payload omits thedata.findingsarray.
data.policy object is present only when an action policy triggers the notification.
The following example shows the payload when a later scan adds new findings. The data.findings array lists only the new findings.
data.findings array.
Use Endor Labs webhooks to integrate with Slack
If you use Slack as a collaborative tool, integrate Slack channels using webhooks in Endor Labs to publish notifications as messages in the respective channels.- Configure a webhook integration
- Endor Labs webhook payload
- Use Endor Labs webhooks to integrate with Slack
Create incoming webhooks in Slack
Create an incoming webhook to your Slack channel to enable Endor Labs to post notifications in the channel. The webhook provides a unique URL for integrating the channel in Endor Labs. To send messages into Slack using incoming webhooks, see Slack Integration If you have already created an incoming webhook in the channel, copy the unique URL and integrate the channel in Endor Labs.Customize webhook notification templates
Endor Labs provides you with a default template with standard information for the webhook message. You can use the default template or you can choose to edit and customize this template to fit your organization’s specific requirements. You can also create your own custom templates using Go Templates.- Select User menu > Integrations from the left sidebar.
- Under Notifications, click Manage on the Slack card to view the configured notification integrations.
- Choose one, click the ellipsis on the right side, and click Edit Template.
- Make required changes to any of the following templates and click Save Template.
- Open - This template applies when Endor Labs raises new notifications.
- Update - This template applies when an existing notification updates, such as when findings change.
- Resolve - This template applies when all findings reported by the notification resolve.
- Click Restore to Default to revert the changes.
- Use the download icon on the top right corner to download this template.
- Use the copy icon to copy the information in the template.
Data model
To create custom templates for Webhook notifications, you must understand the data supplied to the template. See the protobuf specificationNotificationData message used for the templates.
To understand Project, Finding, PackageVersion and RepositoryVersion definitions used in this protobuf specification, see:
- Project resource kind
- Finding resource kind
- PackageVersion resource kind
- RepositoryVersion resource kind