Webhook Notifications Integration
Webhook notifications allow you to export vulnerability data to your own systems and services. Data is sent as JSON payloads to your specified endpoint.
No Integration Setup Required
Unlike other integrations, webhook notifications don't require a separate integration configuration. You simply provide the webhook URL directly when configuring the workflow action.
Configuration
Webhook exports are configured as actions in workflows. When creating or editing a workflow:
- Go to Workflows → Create (or edit an existing workflow)
- In the Actions step, add an Export action
- Select Webhook as the integration type
- Enter your webhook URL where the data should be sent
Webhook Payload
When a workflow is triggered, Escape sends a POST request to your webhook URL with a JSON payload containing the resource data (issues, assets, scans, profiles, and locations) that matched the workflow conditions.
Example Payload
{
"issues": [
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"name": "SQL Injection",
"fullName": "SQL Injection - Critical",
"severity": "HIGH",
"category": "INJECTION",
"status": "OPEN",
"createdAt": "2024-01-15T10:30:00.000Z",
"context": "The application is vulnerable to SQL injection...",
"alertUid": "alert-123",
"securityTestUid": "test-456",
"assetId": "660e8400-e29b-41d4-a716-446655440001",
"asset": {
"id": "660e8400-e29b-41d4-a716-446655440001",
"name": "https://api.example.com/users",
"type": "API_ROUTE",
"class": "SERVICE",
"uri": "https://api.example.com/users",
"createdAt": "2024-01-15T08:00:00.000Z",
"service": {
"id": "770e8400-e29b-41d4-a716-446655440002",
"url": "https://api.example.com",
"type": "REST"
},
"tags": []
},
"targets": [
{
"id": "880e8400-e29b-41d4-a716-446655440003",
"targetUid": "target-789",
"scanId": "990e8400-e29b-41d4-a716-446655440004",
"apiRoute": {
"operation": "POST",
"name": "/users"
}
}
],
"events": [],
"scan": {
"id": "990e8400-e29b-41d4-a716-446655440004",
"status": "COMPLETED",
"kind": "FRONTEND_DAST",
"createdAt": "2024-01-15T09:00:00.000Z",
"applicationId": "aa0e8400-e29b-41d4-a716-446655440005"
},
"application": {
"id": "aa0e8400-e29b-41d4-a716-446655440005",
"name": "My Application",
"scannerKind": "FRONTEND_DAST"
}
}
],
"assets": [
{
"id": "bb0e8400-e29b-41d4-a716-446655440006",
"name": "https://api.example.com/users",
"type": "API_ROUTE",
"class": "SERVICE",
"uri": "https://api.example.com/users",
"createdAt": "2024-01-15T08:00:00.000Z",
"service": {
"id": "cc0e8400-e29b-41d4-a716-446655440007",
"url": "https://api.example.com",
"type": "REST"
},
"scans": [],
"events": []
}
],
"scans": [
{
"id": "dd0e8400-e29b-41d4-a716-446655440008",
"status": "COMPLETED",
"kind": "FRONTEND_DAST",
"createdAt": "2024-01-15T09:00:00.000Z",
"updatedAt": "2024-01-15T10:00:00.000Z",
"applicationId": "ee0e8400-e29b-41d4-a716-446655440009",
"application": {
"id": "ee0e8400-e29b-41d4-a716-446655440009",
"name": "My Application"
}
}
],
"profiles": [
{
"id": "ff0e8400-e29b-41d4-a716-446655440010",
"name": "My Application",
"scannerKind": "FRONTEND_DAST",
"type": "REST",
"createdAt": "2024-01-15T07:00:00.000Z",
"updatedAt": "2024-01-15T07:00:00.000Z"
}
],
"locations": [
{
"id": "110e8400-e29b-41d4-a716-446655440011",
"name": "US East",
"type": "PUBLIC",
"target": "proxy.example.com",
"ip": "192.0.2.1",
"region": "us-east-1",
"enabled": true,
"createdAt": "2024-01-15T06:00:00.000Z"
}
]
}
Payload Structure
Root Object
| Field | Type | Description |
issues | array<Issue> | Array of issue objects that matched the workflow conditions. Empty array if no issues matched. |
assets | array<Asset> | Array of asset objects that matched the workflow conditions. Empty array if no assets matched. |
scans | array<ResourceScan> | Array of scan objects that matched the workflow conditions. Empty array if no scans matched. |
profiles | array<Application> | Array of application/profile objects that matched the workflow conditions. Empty array if no profiles matched. |
locations | array<Proxy> | Array of proxy/location objects that matched the workflow conditions. Empty array if no locations matched. |
Issue Object
| Field | Type | Description |
id | string (UUID) | Unique identifier of the issue |
name | string | Short name of the issue |
fullName | string | Full name of the issue, including risk information |
severity | string (enum) | Severity level: CRITICAL, HIGH, MEDIUM, LOW, INFO |
category | string (enum) | Issue category (e.g., INJECTION, AUTHENTICATION, CRYPTOGRAPHY) |
status | string (enum) | Issue status: OPEN, CLOSED, IGNORED |
createdAt | string (ISO 8601) | Timestamp when the issue was created |
context | string | Description and context of the issue |
alertUid | string | Unique identifier for the alert |
securityTestUid | string | Unique identifier for the security test |
assetId | string (UUID) | ID of the asset associated with this issue |
asset | Asset (object) | Complete asset object with nested relations (see Asset Object below) |
targets | array<ResourceScanTarget> | Array of scan targets where this issue was found |
events | array<ResourceScanEvent> | Array of events related to this issue |
scan | ResourceScan (object, optional) | Scan object if the issue is associated with a specific scan |
application | Application (object, optional) | Application object if the issue is associated with a scan |
Asset Object
| Field | Type | Description |
id | string (UUID) | Unique identifier of the asset |
name | string | Display name of the asset |
type | string (enum) | Asset type (e.g., API_ROUTE, FRONTEND, SERVICE, HOST) |
class | string (enum) | Asset class: SERVICE, FRONTEND, HOST, NETWORK, REPOSITORY |
uri | string | Uniform Resource Identifier uniquely identifying the asset |
createdAt | string (ISO 8601) | Timestamp when the asset was first discovered |
service | AssetService (object, optional) | Service details if the asset is a service |
frontend | AssetFrontend (object, optional) | Frontend details if the asset is a frontend |
host | AssetHost (object, optional) | Host details if the asset is a host |
repository | AssetRepository (object, optional) | Repository details if the asset is a repository |
schema | AssetSchema (object, optional) | Schema associated with the asset |
scans | array<ResourceScan> | Array of scans that discovered or updated this asset |
events | array<ResourceScanEvent> | Array of events related to this asset |
tags | array<Tag> | Array of tags associated with the asset |
ResourceScan Object
| Field | Type | Description |
id | string (UUID) | Unique identifier of the scan |
status | string (enum) | Scan status: STARTING, RUNNING, COMPLETED, FAILED, CANCELED |
kind | string (enum) | Type of scan (e.g., FRONTEND_DAST, BLST_REST, ASM_REST) |
createdAt | string (ISO 8601) | Timestamp when the scan was created |
updatedAt | string (ISO 8601) | Timestamp when the scan was last updated |
finishedAt | string (ISO 8601, optional) | Timestamp when the scan finished |
progressRatio | number | Progress ratio from 0 to 1 |
applicationId | string (UUID) | ID of the application being scanned |
application | Application (object) | Complete application object with nested relations |
Application Object (Profile)
| Field | Type | Description |
id | string (UUID) | Unique identifier of the application |
name | string | Name of the application |
scannerKind | string (enum) | Type of scanner used (e.g., FRONTEND_DAST, BLST_REST) |
type | string (enum) | API type: REST, GRAPHQL, GRPC |
createdAt | string (ISO 8601) | Timestamp when the application was created |
updatedAt | string (ISO 8601) | Timestamp when the application was last updated |
Proxy Object (Location)
| Field | Type | Description |
id | string (UUID) | Unique identifier of the proxy/location |
name | string | Display name of the location |
type | string (enum) | Proxy type: PUBLIC, PRIVATE |
target | string | Target URL or hostname of the proxy |
ip | string (optional) | IP address of the proxy |
region | string (optional) | Geographic region of the proxy |
enabled | boolean | Whether the proxy is currently enabled |
createdAt | string (ISO 8601) | Timestamp when the proxy was created |
ResourceScanTarget Object
| Field | Type | Description |
id | string (UUID) | Unique identifier of the target |
targetUid | string | Unique identifier used to deduplicate targets |
scanId | string (UUID, optional) | ID of the scan that found this target |
apiRoute | ResourceScanTargetAPIRoute (object, optional) | API route details if the target is an API route |
codeFile | ResourceScanTargetCodeFile (object, optional) | Code file details if the target is a code file |
graphqlResolver | ResourceScanTargetGraphQLResolver (object, optional) | GraphQL resolver details if the target is a GraphQL resolver |
webPage | ResourceScanTargetWebPage (object, optional) | Web page details if the target is a web page |
webCrawledUrl | ResourceScanTargetWebCrawledUrl (object, optional) | Web crawled URL details if the target is a crawled URL |
AssetService Object
| Field | Type | Description |
id | string (UUID) | Unique identifier of the service |
url | string | Base URL of the service |
type | string (enum) | Service type: REST, GRAPHQL, GRPC, WEBSOCKET, MCP |
framework | string (enum, optional) | Framework used by the service |
authProtocol | string (enum, optional) | Authentication protocol used |
authTechnology | string (enum, optional) | Authentication technology used |
cloudProvider | string (enum, optional) | Cloud provider hosting the service |
environment | string (enum, optional) | Environment: PRODUCTION, STAGING, DEVELOPMENT |
ResourceScanTargetAPIRoute Object
| Field | Type | Description |
id | string (UUID) | Unique identifier of the API route |
operation | string (enum) | HTTP method: GET, POST, PUT, DELETE, PATCH, etc. |
name | string | Path or route name |
parameters | object (optional) | JSON object containing parameter definitions |
returnType | string (optional) | Return type of the route |
coverage | string (enum, optional) | Coverage status of the route |
ResourceScanTargetCodeFile Object
| Field | Type | Description |
id | string (UUID) | Unique identifier of the code file |
language | string | Programming language of the file |
path | string | File path relative to the repository root |
ResourceScanTargetGraphQLResolver Object
| Field | Type | Description |
id | string (UUID) | Unique identifier of the GraphQL resolver |
parent | string | Parent type name |
name | string | Resolver name |
parameters | object (optional) | JSON object containing parameter definitions |
returnType | string (optional) | Return type of the resolver |
ResourceScanTargetWebPage Object
| Field | Type | Description |
id | string (UUID) | Unique identifier of the web page |
url | string | URL of the web page |
visits | number | Number of times this page was visited during the scan |
ResourceScanTargetWebCrawledUrl Object
| Field | Type | Description |
id | string (UUID) | Unique identifier of the crawled URL |
url | string | URL that was crawled |
ResourceScanEvent Object
| Field | Type | Description |
id | string (UUID) | Unique identifier of the event |
title | string | Title of the event |
description | string | Description of the event |
level | string (enum) | Event level: INFO, WARNING, ERROR |
stage | string (enum) | Event stage: EXECUTION, ANALYSIS, etc. |
createdAt | string (ISO 8601) | Timestamp when the event was created |
attachments | array<ResourceScanEventAttachment> | Array of attachments (exchanges, snippets, screenshots, etc.) |
Note
The example above shows only the most commonly used fields for clarity. Additional fields may be present in the actual payload.