Webhook Notifications Integration¶

Webhook notifications allow you to export vulnerability data to your own systems and services. Data is sent as JSON payloads to your specified endpoint.

No Integration Setup Required

Unlike other integrations, webhook notifications don't require a separate integration configuration. You simply provide the webhook URL directly when configuring the workflow action.

Configuration¶

Webhook exports are configured as actions in workflows. When creating or editing a workflow:

Go to Workflows → Create (or edit an existing workflow)
In the Actions step, add an Export action
Select Webhook as the integration type
Enter your webhook URL where the data should be sent

webhook-form

Webhook Payload¶

When a workflow is triggered, Escape sends a POST request to your webhook URL with a JSON payload containing the resource data (issues, assets, scans, profiles, locations, and integrations) that matched the workflow conditions.

The payload is generated from Escape resource entities. Arrays at root are always present (possibly empty). Nested relation objects are present only when available.

Example Payload¶

{
  "issues": [
    {
      "id": "550e8400-e29b-41d4-a716-446655440000",
      "name": "SQL Injection",
      "fullName": "SQL Injection - Critical",
      "severity": "HIGH",
      "category": "INJECTION",
      "status": "OPEN",
      "createdAt": "2024-01-15T10:30:00.000Z",
      "context": "The application is vulnerable to SQL injection...",
      "alertUid": "alert-123",
      "securityTestUid": "test-456",
      "assetId": "660e8400-e29b-41d4-a716-446655440001",
      "asset": {
        "id": "660e8400-e29b-41d4-a716-446655440001",
        "name": "https://api.example.com",
        "type": "REST",
        "class": "API_SERVICE",
        "uri": "asset://service/https://api.example.com",
        "createdAt": "2024-01-15T08:00:00.000Z",
        "service": {
          "id": "770e8400-e29b-41d4-a716-446655440002",
          "url": "https://api.example.com",
          "type": "REST"
        },
        "tags": []
      },
      "targets": [
        {
          "id": "880e8400-e29b-41d4-a716-446655440003",
          "targetUid": "target-789",
          "scanId": "990e8400-e29b-41d4-a716-446655440004",
          "apiRoute": {
            "id": "a10e8400-e29b-41d4-a716-446655440100",
            "operation": "POST",
            "name": "/users"
          }
        }
      ],
      "events": [],
      "scan": {
        "id": "990e8400-e29b-41d4-a716-446655440004",
        "status": "FINISHED",
        "kind": "ASM_REST",
        "createdAt": "2024-01-15T09:00:00.000Z",
        "applicationId": "aa0e8400-e29b-41d4-a716-446655440005"
      },
      "application": {
        "id": "aa0e8400-e29b-41d4-a716-446655440005",
        "name": "My Application",
        "scannerKind": "ASM_REST"
      }
    }
  ],
  "assets": [
    {
      "id": "bb0e8400-e29b-41d4-a716-446655440006",
      "name": "https://app.example.com",
      "type": "WEBAPP",
      "class": "FRONTEND",
      "uri": "asset://frontend/https://app.example.com",
      "createdAt": "2024-01-15T08:00:00.000Z",
      "frontend": {
        "id": "cc0e8400-e29b-41d4-a716-446655440007",
        "type": "WEBAPP",
        "url": "https://app.example.com"
      },
      "scans": [],
      "events": []
    },
    {
      "id": "bb0e8400-e29b-41d4-a716-446655440016",
      "name": "api.example.com",
      "type": "DNS",
      "class": "HOST",
      "uri": "asset://host/api.example.com",
      "createdAt": "2024-01-15T08:00:00.000Z",
      "host": {
        "id": "cc0e8400-e29b-41d4-a716-446655440017",
        "type": "DNS",
        "address": "api.example.com",
        "ips": [
          "192.0.2.1"
        ],
        "ports": [
          {
            "port": 443,
            "protocols": [
              "HTTPS"
            ]
          }
        ]
      },
      "scans": [],
      "events": []
    },
    {
      "id": "bb0e8400-e29b-41d4-a716-446655440026",
      "name": "escape/product",
      "type": "GITHUB_REPOSITORY",
      "class": "REPOSITORY",
      "uri": "asset://repository/github.com/escape/product",
      "createdAt": "2024-01-15T08:00:00.000Z",
      "repository": {
        "id": "cc0e8400-e29b-41d4-a716-446655440027",
        "type": "GITHUB_REPOSITORY",
        "url": "https://github.com/escape/product",
        "visibility": "PRIVATE"
      },
      "scans": [],
      "events": []
    },
    {
      "id": "bb0e8400-e29b-41d4-a716-446655440036",
      "name": "OpenAPI schema",
      "type": "OPENAPI",
      "class": "SCHEMA",
      "uri": "asset://schema/openapi/https://api.example.com/openapi.json",
      "createdAt": "2024-01-15T08:00:00.000Z",
      "schema": {
        "id": "cc0e8400-e29b-41d4-a716-446655440037",
        "type": "OPENAPI",
        "key": "https://api.example.com/openapi.json",
        "s3Key": "schemas/aa/bb/openapi.json"
      },
      "scans": [],
      "events": []
    }
  ],
  "scans": [
    {
      "id": "dd0e8400-e29b-41d4-a716-446655440008",
      "status": "FINISHED",
      "kind": "ASM_REST",
      "createdAt": "2024-01-15T09:00:00.000Z",
      "updatedAt": "2024-01-15T10:00:00.000Z",
      "applicationId": "ee0e8400-e29b-41d4-a716-446655440009",
      "application": {
        "id": "ee0e8400-e29b-41d4-a716-446655440009",
        "name": "My Application"
      }
    }
  ],
  "profiles": [
    {
      "id": "ff0e8400-e29b-41d4-a716-446655440010",
      "name": "My Application",
      "scannerKind": "ASM_REST",
      "type": "REST",
      "createdAt": "2024-01-15T07:00:00.000Z",
      "updatedAt": "2024-01-15T07:00:00.000Z"
    }
  ],
  "locations": [
    {
      "id": "110e8400-e29b-41d4-a716-446655440011",
      "name": "US East",
      "type": "PRIVATE",
      "target": "proxy.example.com",
      "ip": "192.0.2.1",
      "region": "us-east-1",
      "enabled": true,
      "createdAt": "2024-01-15T06:00:00.000Z"
    }
  ],
  "integrations": [
    {
      "id": "120e8400-e29b-41d4-a716-446655440012",
      "name": "GitHub Org Integration",
      "kind": "GITHUB_API_KEY",
      "valid": true,
      "createdAt": "2024-01-15T06:00:00.000Z",
      "updatedAt": "2024-01-15T06:00:00.000Z"
    }
  ]
}

Payload Structure¶

Fields marked optional may be absent or null depending on the resource and trigger context.

Root Object¶

Field	Type	Description
`issues`	`array<Issue>`	Array of issue objects that matched the workflow conditions. Empty array if no issues matched.
`assets`	`array<Asset>`	Array of asset objects that matched the workflow conditions. Empty array if no assets matched.
`scans`	`array<ResourceScan>`	Array of scan objects that matched the workflow conditions. Empty array if no scans matched.
`profiles`	`array<Application>`	Array of application/profile objects that matched the workflow conditions. Empty array if no profiles matched.
`locations`	`array<Proxy>`	Array of proxy/location objects that matched the workflow conditions. Empty array if no locations matched.
`integrations`	`array<Integration>`	Array of integration objects that matched the workflow conditions. Empty array if no integration item is included.

Issue Object¶

Field	Type	Description
`id`	`string` (UUID)	Unique identifier of the issue
`name`	`string`	Short name of the issue
`fullName`	`string`	Full name of the issue, including risk information
`severity`	`string` (enum)	Severity level: `CRITICAL`, `HIGH`, `MEDIUM`, `LOW`, `INFO`
`category`	`string` (enum)	Issue category (e.g., `INJECTION`, `ACCESS_CONTROL`, `SCHEMA`)
`status`	`string` (enum)	Issue status: `OPEN`, `RESOLVED`, `MANUAL_REVIEW`, `IGNORED`, `FALSE_POSITIVE`
`createdAt`	`string` (ISO 8601)	Timestamp when the issue was created
`context`	`string`	Description and context of the issue
`alertUid`	`string`	Unique identifier for the alert
`securityTestUid`	`string`	Unique identifier for the security test
`assetId`	`string` (UUID)	ID of the asset associated with this issue
`asset`	`Asset` (object)	Complete asset object with nested relations (see Asset Object below)
`targets`	`array<ResourceScanTarget>`	Array of scan targets where this issue was found
`events`	`array<ResourceScanEvent>`	Array of events related to this issue
`scan`	`ResourceScan` (object, optional)	Scan object if the issue is associated with a specific scan
`application`	`Application` (object, optional)	Application object if the issue is associated with a scan

Asset Object¶

Field	Type	Description
`id`	`string` (UUID)	Unique identifier of the asset
`name`	`string`	Display name of the asset
`type`	`string` (enum)	Asset type (e.g., `REST`, `WEBAPP`, `DNS`, `GITHUB_REPOSITORY`, `OPENAPI`)
`class`	`string` (enum)	Asset class (e.g., `API_SERVICE`, `FRONTEND`, `HOST`, `REPOSITORY`, `SCHEMA`)
`uri`	`string`	Uniform Resource Identifier uniquely identifying the asset
`createdAt`	`string` (ISO 8601)	Timestamp when the asset was first discovered
`service`	`AssetService` (object, optional)	Service details if the asset is a service
`frontend`	`AssetFrontend` (object, optional)	Frontend details if the asset is a frontend
`host`	`AssetHost` (object, optional)	Host details if the asset is a host
`repository`	`AssetRepository` (object, optional)	Repository details if the asset is a repository
`schema`	`AssetSchema` (object, optional)	Schema associated with the asset
`scans`	`array<ResourceScan>`	Array of scans that discovered or updated this asset
`events`	`array<ResourceScanEvent>`	Array of events related to this asset
`tags`	`array<Tag>` (optional)	Array of tags associated with the asset

ResourceScan Object¶

Field	Type	Description
`id`	`string` (UUID)	Unique identifier of the scan
`status`	`string` (enum)	Scan status: `STARTING`, `RUNNING`, `FINISHED`, `FAILED`, `CANCELED`
`kind`	`string` (enum)	Type of scan (e.g., `FRONTEND_DAST`, `BLST_REST`, `ASM_REST`)
`createdAt`	`string` (ISO 8601)	Timestamp when the scan was created
`updatedAt`	`string` (ISO 8601)	Timestamp when the scan was last updated
`finishedAt`	`string` (ISO 8601, optional)	Timestamp when the scan finished
`progressRatio`	`number`	Progress ratio from 0 to 1
`applicationId`	`string` (UUID)	ID of the application being scanned
`application`	`Application` (object)	Complete application object with nested relations

Application Object (Profile)¶

Field	Type	Description
`id`	`string` (UUID)	Unique identifier of the application
`name`	`string`	Name of the application
`scannerKind`	`string` (enum)	Type of scanner used (e.g., `FRONTEND_DAST`, `BLST_REST`)
`type`	`string` (enum)	API type: `REST`, `GRAPHQL`, `GRPC`
`createdAt`	`string` (ISO 8601)	Timestamp when the application was created
`updatedAt`	`string` (ISO 8601)	Timestamp when the application was last updated

Proxy Object (Location)¶

Field	Type	Description
`id`	`string` (UUID)	Unique identifier of the proxy/location
`name`	`string`	Display name of the location
`type`	`string` (enum)	Proxy type: `ESCAPE`, `PRIVATE`
`target`	`string`	Target URL or hostname of the proxy
`ip`	`string` (optional)	IP address of the proxy
`region`	`string` (optional)	Geographic region of the proxy
`enabled`	`boolean`	Whether the proxy is currently enabled
`createdAt`	`string` (ISO 8601)	Timestamp when the proxy was created

Integration Object¶

Field	Type	Description
`id`	`string` (UUID)	Unique identifier of the integration
`name`	`string`	Integration display name
`kind`	`string` (enum)	Integration kind (e.g., `GITHUB_API_KEY`, `WEBHOOK`)
`valid`	`boolean`	Whether the integration is currently considered valid
`createdAt`	`string` (ISO 8601)	Timestamp when the integration was created
`updatedAt`	`string` (ISO 8601)	Timestamp when the integration was last updated

ResourceScanTarget Object¶

Field	Type	Description
`id`	`string` (UUID)	Unique identifier of the target
`targetUid`	`string`	Unique identifier used to deduplicate targets
`scanId`	`string` (UUID, optional)	ID of the scan that found this target
`apiRoute`	`ResourceScanTargetAPIRoute` (object, optional)	API route details if the target is an API route
`codeFile`	`ResourceScanTargetCodeFile` (object, optional)	Code file details if the target is a code file
`graphqlResolver`	`ResourceScanTargetGraphQLResolver` (object, optional)	GraphQL resolver details if the target is a GraphQL resolver
`webPage`	`ResourceScanTargetWebPage` (object, optional)	Web page details if the target is a web page
`webCrawledUrl`	`ResourceScanTargetWebCrawledUrl` (object, optional)	Web crawled URL details if the target is a crawled URL

AssetService Object¶

Field	Type	Description
`id`	`string` (UUID)	Unique identifier of the service
`url`	`string`	Base URL of the service
`type`	`string` (enum)	Service type: `REST`, `GRAPHQL`, `GRPC`, `WEBSOCKET`, `MCP`
`framework`	`string` (enum, optional)	Framework used by the service
`authProtocol`	`string` (enum, optional)	Authentication protocol used
`authTechnology`	`string` (enum, optional)	Authentication technology used
`cloudProvider`	`string` (enum, optional)	Cloud provider hosting the service
`environment`	`string` (enum, optional)	Environment: `PRODUCTION`, `STAGING`, `DEVELOPMENT`

AssetFrontend Object¶

Field	Type	Description
`id`	`string` (UUID)	Unique identifier of the frontend
`type`	`string` (enum)	Frontend type (currently `WEBAPP`)
`url`	`string`	Frontend URL
`framework`	`string` (enum, optional)	Frontend framework
`authProtocol`	`string` (enum, optional)	Authentication protocol
`authTechnology`	`string` (enum, optional)	Authentication technology
`cloudProvider`	`string` (enum, optional)	Cloud provider
`environment`	`string` (enum, optional)	Environment
`ips`	`array<string>`	Resolved IPs for the frontend
`regionCountryCodes`	`array<string>`	Country codes where the frontend is observed
`tls`	`boolean`	Whether TLS is enabled

AssetHost Object¶

Field	Type	Description
`id`	`string` (UUID)	Unique identifier of the host
`type`	`string` (enum)	Host type: `DNS`, `IPV4`, `IPV6`
`address`	`string`	Main host address
`ips`	`array<string>`	Resolved IP addresses
`regionCountryCodes`	`array<string>`	Country codes where the host is observed
`ports`	`array<AssetHostPort>`	Open ports and protocols
`records`	`array<AssetHostRecord>`	DNS records

AssetHostPort Object¶

Field	Type	Description
`port`	`number`	Network port
`protocols`	`array<string>`	Detected protocols (e.g., `HTTP`, `HTTPS`)

AssetHostRecord Object¶

Field	Type	Description
`id`	`string` (UUID)	Unique identifier of the DNS record
`type`	`string`	Record type (e.g., `A`, `CNAME`, `MX`)
`value`	`string`	Record value

AssetRepository Object¶

Field	Type	Description
`id`	`string` (UUID)	Unique identifier of the repository
`type`	`string` (enum)	Repository type: `GITHUB_REPOSITORY`, `GITLAB_REPOSITORY`, `BITBUCKET_REPOSITORY`
`url`	`string`	Repository URL
`name`	`string` (optional)	Repository name
`visibility`	`string` (enum, optional)	Visibility: `PUBLIC`, `PRIVATE`, `INTERNAL`
`archived`	`boolean` (optional)	Whether the repository is archived
`lastCommitSha`	`string` (optional)	Last commit SHA
`lastCommitDate`	`string` (ISO 8601, optional)	Last commit date

AssetSchema Object¶

Field	Type	Description
`id`	`string` (UUID)	Unique identifier of the schema
`type`	`string` (enum)	Schema type: `OPENAPI`, `GRAPHQL_SCHEMA`, `POSTMAN_COLLECTION`, etc.
`key`	`string`	Stable schema identifier (URL or generated key)
`s3Key`	`string`	Storage key for the schema artifact
`source`	`string` (enum, optional)	Schema source: `UPLOADED`, `GENERATED`, `FOUND`

ResourceScanTargetAPIRoute Object¶

Field	Type	Description
`id`	`string` (UUID)	Unique identifier of the API route
`operation`	`string` (enum)	HTTP method: `GET`, `POST`, `PUT`, `DELETE`, `PATCH`, etc.
`name`	`string`	Path or route name
`parameters`	`object` (optional)	JSON object containing parameter definitions
`returnType`	`string` (optional)	Return type of the route
`coverage`	`string` (enum, optional)	Coverage status of the route

ResourceScanTargetCodeFile Object¶

Field	Type	Description
`id`	`string` (UUID)	Unique identifier of the code file
`language`	`string`	Programming language of the file
`path`	`string`	File path relative to the repository root

ResourceScanTargetGraphQLResolver Object¶

Field	Type	Description
`id`	`string` (UUID)	Unique identifier of the GraphQL resolver
`parent`	`string`	Parent type name
`name`	`string`	Resolver name
`parameters`	`object` (optional)	JSON object containing parameter definitions
`returnType`	`string` (optional)	Return type of the resolver

ResourceScanTargetWebPage Object¶

Field	Type	Description
`id`	`string` (UUID)	Unique identifier of the web page
`url`	`string`	URL of the web page
`visits`	`number`	Number of times this page was visited during the scan

ResourceScanTargetWebCrawledUrl Object¶

Field	Type	Description
`id`	`string` (UUID)	Unique identifier of the crawled URL
`url`	`string`	URL that was crawled

ResourceScanEvent Object¶

Field	Type	Description
`id`	`string` (UUID)	Unique identifier of the event
`title`	`string`	Title of the event
`description`	`string`	Description of the event
`level`	`string` (enum)	Event level: `DEBUG`, `INFO`, `WARNING`, `ERROR`
`stage`	`string` (enum)	Event stage: `CONFIGURATION`, `EXECUTION`, `AGENT_REASONING`, `AGENT_ACTION`
`createdAt`	`string` (ISO 8601)	Timestamp when the event was created
`attachments`	`array<ResourceScanEventAttachment>`	Array of attachments (exchanges, snippets, screenshots, etc.)

Note

The example above is schema-consistent and uses current enum values. The webhook may include additional fields from Escape entities; consumers should ignore unknown fields for forward compatibility.