Overview
Outbound webhooks send real-time event notifications from Cysmiq to HTTPS endpoints you control.
Availability depends on your Cysmiq plan.
Use outbound webhooks to connect Cysmiq events to internal automation, ticketing workflows, SIEM pipelines, data warehouses, or notification systems.
Create an endpoint
Select New Endpoint and configure:
| Field | What to enter |
|---|
| Description | Optional name for the endpoint. If blank, Cysmiq shows the endpoint URL. |
| Payload URL | HTTPS URL that receives webhook deliveries. The URL cannot contain embedded credentials, URL fragments, or private network addresses. |
| Scope | Workspace, organization, or repository scope for matching events. |
| Event Subscriptions | One or more event labels or event groups that should trigger deliveries. |
After creating an endpoint, copy the Signing Secret immediately. Cysmiq only shows the signing secret when the endpoint is created or when the secret is rotated.
Scope
| Scope | Events delivered |
|---|
| Workspace | Matching events from the entire workspace. |
| Organizational Unit | Matching events tied to the selected organization. |
| Repository | Matching events tied to the selected repository. |
Event Subscriptions
Select event labels to control which deliveries Cysmiq sends to an endpoint.
| Group | Event label | Event name |
|---|
| General | All events | * |
| General | Ping | webhook.ping |
| Scans | All scan events | scan.* |
| Scans | Scan created | scan.created |
| Scans | Scan completed | scan.completed |
| Scans | Scan failed | scan.failed |
| Scans | Scan aborted | scan.aborted |
| Scans | Scan skipped | scan.skipped |
| Repositories | Repository created | repository.created |
| Vulnerabilities | All vulnerability events | vulnerability.* |
| Vulnerabilities | Vulnerability created | vulnerability.created |
| Vulnerabilities | Vulnerability status changed | vulnerability.status_changed |
| Vulnerabilities | Vulnerability resolved | vulnerability.resolved |
| Vulnerabilities | Vulnerability closed | vulnerability.closed |
| Vulnerabilities | Vulnerability reopened | vulnerability.reopened |
| Vulnerabilities | Vulnerability regression | vulnerability.regression |
Selecting All events covers product events such as scan, repository, and vulnerability events. Use Send Ping from an endpoint’s action menu to send a test Ping delivery directly to that endpoint.
Selecting All scan events covers every specific scan event. Selecting All vulnerability events covers every specific vulnerability event. Selecting Vulnerability status changed also matches the more specific vulnerability status events: Vulnerability resolved, Vulnerability closed, Vulnerability reopened, and Vulnerability regression.
Endpoint Actions
Open an endpoint to manage it.
| Action | What it does |
|---|
| Edit | Updates the description, payload URL, scope, or event subscriptions. |
| Send Ping | Sends a test Ping delivery to the active endpoint. |
| Pause | Stops deliveries while keeping the endpoint configuration. |
| Resume | Starts deliveries again for a paused endpoint. |
| Re-enable | Makes a disabled endpoint active again and resets consecutive failures. |
| Rotate Secret | Generates a new signing secret and shows it once. |
| Delete | Permanently deletes the endpoint and its subscriptions. |
Endpoint statuses are Active, Paused, and Disabled. Cysmiq can disable an endpoint after repeated delivery failures. A 410 Gone response also disables the endpoint.
Signing
Cysmiq signs each webhook delivery with the endpoint signing secret. Store the secret in your receiving system and verify the signature before trusting the payload.
| Header | Purpose |
|---|
X-Cysmiq-Event | Event name, such as scan.completed. |
X-Cysmiq-Event-Id | Event ID. |
X-Cysmiq-Delivery-Id | Delivery ID. |
X-Cysmiq-Webhook-Id | Endpoint ID. |
X-Cysmiq-Attempt-Id | Delivery attempt ID. |
X-Cysmiq-Attempt | Attempt number for this delivery. |
X-Cysmiq-Triggered-At | Timestamp when the delivery was triggered. |
X-Cysmiq-Schema-Version | Payload schema version. |
X-Cysmiq-Signature | HMAC signature for the delivery body. |
The signature header has the format t=<unix_timestamp>,v1=<signature>. During secret rotation overlap, the header can contain two v1 signatures so receivers can accept the previous secret while switching to the new one.
To verify a delivery, compute an HMAC SHA-256 over timestamp.delivery_id.attempt_id.raw_json_body with the signing secret, then compare it with a v1 value from X-Cysmiq-Signature.
Payload
Webhook payloads use a JSON envelope.
| Field | Meaning |
|---|
id | Event ID. |
type | Event name. |
created_at | When the event occurred. |
schema_version | Payload schema version. |
mode | Payload mode. Current endpoints use snapshot. |
workspace | Workspace ID and slug. |
data | Event-specific snapshot data. |
changes | Changed fields when the event includes change data. |
Delivery History
Each endpoint shows recent deliveries with:
- Event
- Status
- HTTP
- Attempts
- Triggered
Open a delivery to inspect the payload, payload SHA-256, delivery metadata, and individual delivery attempts. Attempts include result, HTTP status, duration, start time, and error details when available.
Delivery statuses are:
| Status | Meaning |
|---|
| Pending | Delivery is queued. |
| Delivering | Cysmiq is sending the request. |
| Retry Scheduled | Delivery failed with a retryable result and will be retried. |
| Succeeded | Receiver returned a successful response. |
| Failed | Delivery failed with a non-retryable result. |
| Exhausted | Retries were exhausted. |
| Cancelled | Delivery was cancelled, usually because the endpoint cannot receive deliveries. |
Redelivery
Use Redeliver from a terminal delivery detail view to queue a new delivery with the same payload. Redelivery is available only for terminal deliveries and only when the endpoint is active.