dpndncY

Webhook payloads

dpndncY POSTs JSON events to your endpoints as things happen. Every payload has a stable, versioned JSON Schema auto-generated from the same types the server emits, so you can validate and type your consumers.

Events

EventFires when
scan.completedA scan finishes (carries summary counts + verdict).
finding.createdA new finding is recorded.
policy.failedA policy gate returns FAIL.
firewall.blockedThe firewall blocks an install.
bypass.requested / bypass.grantedA firewall bypass is requested / approved.
monitor.regression-detectedA monitored project regresses (new high-risk finding).
agent.trace-emittedThe runtime agent signs a job trace.

Envelope

POST body
{
  "event": "firewall.blocked",
  "id": "evt_…",
  "occurredAt": "2026-06-15T10:14:32Z",
  "tenant": "acme",
  "data": { "package": "npm:left-pad@1.0.0", "verdict": "block", "reason": "kev+reachable" },
  "signature": "sha256=…"
}
Verify the signature
Each delivery carries an HMAC signature header computed with your endpoint’s shared secret — verify it before acting on the payload.

Subscriptions

Create and manage subscriptions in the console or via the REST API — choose which events go to which endpoint, with retries on failure.

See also