Webhook Integration

StepSecurity's Webhook Integration enables you to receive real-time notifications about security events detected in your organization

This allows teams to respond quickly, integrate with incident response workflows, and enhance observability across CI/CD pipelines.

Prerequisites

Before setting up the Webhook integration:

• You must be an Admin in your StepSecurity organization.

• You should have a webhook endpoint ready to receive POST requests.

• The endpoint must support HTTPS and accept JSON payloads.

Setup

Step 1: Navigate to your StepSecurity dashboard

Step 2: Click "Admin console"

Step 3: Click "Integrations"

Step 4: Click "Enable Webhook Integration

Step 5: Configure Webhook Integration

• Enter your Webhook URL in the corresponding input field.

• Select the HTTP Method (e.g., POST or GET) from the dropdown.

• Add headers such as Authorization, Content-Type, etc.

  • For example, set Content-Type to application/json.

  • Click “+ Add Header” to add multiple headers if needed.

• Choose your message format from the dropdown:

  • Raw – sends raw event data

  • Envelope – wraps the event data in an envelope structure

• Select the kind of content to send:

  • Toggle on Send Insights and/or Send Detections as required.

• Click “Test Connection” to validate the webhook setup.

Step 6: Select the Repos you want to send webhook events for

Step 7: Click “Save changes” to apply your configuration