Snyk’s webhook system is actually a distributed state machine that triggers actions based on events, rather than a simple notification service.
Let’s see this in action. Imagine Snyk detects a new vulnerability in your project.
{
"event": {
"eventType": "INTEGRATION_ERROR",
"integrationName": "slack",
"integrationType": "slack",
"integrationId": "a1b2c3d4-e5f6-7890-1234-abcdef123456",
"timestamp": "2023-10-27T10:30:00Z",
"resource": {
"id": "proj_1234567890abcdef",
"type": "project",
"name": "my-app",
"monitorId": "mon_abcdef1234567890"
},
"notification": {
"type": "INTEGRATION_ERROR",
"message": "Failed to send notification to Slack: Rate limit exceeded."
}
}
}
This JSON represents a Snyk webhook event. Snyk emits these events when something significant happens within your connected projects or integrations. The eventType tells you what kind of event occurred, and the resource details what Snyk was operating on. The notification field, if present, provides a human-readable summary or error.
Here’s how you’d configure Snyk to send these events to Slack and PagerDuty.
First, in Snyk, navigate to your Organization settings, then to "Webhooks". You’ll add a new webhook. The "Target URL" will be the endpoint that receives the webhook data. For Slack, this is typically an Incoming Webhook URL you create within your Slack workspace. For PagerDuty, you’ll use a "Events API v2" integration endpoint.
The "Events" section is crucial. You’ll select the types of events you want to trigger a notification. For this scenario, you’d want to select "New vulnerability detected" and potentially "New issue detected" (which covers vulnerabilities, license issues, and code quality issues).
When Snyk detects a new high-severity vulnerability in your my-app project, it constructs a JSON payload similar to the example above, but with eventType as VULNERABILITY_FOUND. This payload is then POSTed to your configured webhook URL.
Your Slack integration, listening at its Incoming Webhook URL, receives this JSON. It parses the resource.name and resource.id to understand which project has the new vulnerability. It then formats a user-friendly message for a Slack channel, like: "🚨 New High Severity Vulnerability in my-app! View details: [link to Snyk issue]".
Simultaneously, your PagerDuty integration, listening at its Events API v2 endpoint, receives the same JSON payload. PagerDuty’s integration maps the Snyk event to an incident. It might use the resource.name as the "Summary" and the vulnerability details as "Custom Details" in the PagerDuty incident, ensuring your on-call team is alerted.
The most surprising thing about Snyk webhooks is their role in enabling complex automation flows. Beyond simple notifications, you can use them to trigger custom scripts that automatically create tickets in Jira, update inventory systems, or even initiate rollback procedures for critical deployments, all without manual intervention. This transforms Snyk from a security scanner into an active participant in your CI/CD pipeline and incident response.
The configuration for filtering webhooks is surprisingly granular. You can specify which projects, which issue types (vulnerabilities, license compliance, code quality), and even which severity levels should trigger an event, allowing for highly tailored notification strategies.
The next step in mastering Snyk’s event-driven capabilities is exploring the use of custom filters and transformations within your webhook receivers to enrich the data sent to downstream systems.