It is important to understand the payload being received. Each event contains special headers that help describe the event.
The following headers are of special importance:

| Header | Description |
| --- | --- |
| X-Nexus-Webhook-ID | This is the event type. For example, iq:policyManagement. |
| X-Nexus-Webhook-Delivery | A unique UUID identifying the event. |
| X-Nexus-Webhook-Signature | The HMAC digest of the payload body, if an optional secret key has been configured. |
| X-Nexus-Webhook-Signature-Algorithm | The algorithm that calculates the HMAC digest of the body, currently only HmacSHA1. |

Example Header.

    Content-Type: application/json; charset=UTF-8
    User-Agent: Sonatype_CLM_Server/1.24.0-SNAPSHOT (Java 1.7.0_25; Mac OS X 10.11.5)
    X-Nexus-Webhook-Signature: 687f3719b87232cf1c11b3ef7ea10c49218b6df1
    X-Nexus-Webhook-Id: iq:policyManagement
    X-Nexus-Webhook-Delivery: 7f4a6dde-5c68-4999-bcc0-a62f3fb8ae48

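
A receiver can use these headers to authenticate a delivery before trusting its payload. The following is an added example, not Sonatype's code: it assumes the signature is the hex-encoded HMAC of the raw request body (consistent with the 40-character value in the example header), that an absent algorithm header means HmacSHA1, and that the receiver keeps its own record of delivery UUIDs; `verify_delivery`, `WebhookRejected`, the secret and the sample body are made up for illustration.

```python
import hashlib
import hmac

# Algorithm names accepted by this receiver; the page lists only HmacSHA1.
ALGORITHMS = {"hmacsha1": hashlib.sha1}


class WebhookRejected(Exception):
    """Raised when a delivery fails verification."""


def verify_delivery(headers, raw_body, secret, seen_deliveries):
    """Return (event_type, delivery_id) for an authentic, first-time delivery.
    headers: dict of name -> value; raw_body: bytes exactly as received;
    secret: bytes of the configured key; seen_deliveries: set of handled IDs.
    """
    # Header names are case-insensitive (the page shows both -ID and -Id).
    h = {name.lower(): value.strip() for name, value in headers.items()}
    signature = h.get("x-nexus-webhook-signature")
    if not signature:
        raise WebhookRejected("missing signature")  # fail closed when unsigned
    # Assumption: an absent algorithm header means HmacSHA1.
    algorithm = h.get("x-nexus-webhook-signature-algorithm", "HmacSHA1")
    digestmod = ALGORITHMS.get(algorithm.lower())
    if digestmod is None:
        raise WebhookRejected("unsupported algorithm")
    # Digest the raw bytes, before any JSON parsing or re-serialization.
    expected = hmac.new(secret, raw_body, digestmod).hexdigest()
    # Constant-time comparison; bytes operands also tolerate non-ASCII input.
    if not hmac.compare_digest(expected.encode(), signature.lower().encode()):
        raise WebhookRejected("signature mismatch")
    delivery_id = h.get("x-nexus-webhook-delivery")
    if not delivery_id or delivery_id in seen_deliveries:
        raise WebhookRejected("missing or replayed delivery ID")
    seen_deliveries.add(delivery_id)
    return h.get("x-nexus-webhook-id"), delivery_id


# Constructed sample: the secret and body are made up for this example.
SECRET = b"example-secret"
BODY = b'{"owner": {"publicId": "webhooks_application"}}'
SAMPLE_HEADERS = {
    "X-Nexus-Webhook-Id": "iq:policyManagement",
    "X-Nexus-Webhook-Delivery": "7f4a6dde-5c68-4999-bcc0-a62f3fb8ae48",
    "X-Nexus-Webhook-Signature": hmac.new(SECRET, BODY, hashlib.sha1).hexdigest(),
}

if __name__ == "__main__":
    print(verify_delivery(SAMPLE_HEADERS, BODY, SECRET, set()))
```

Pass the body bytes exactly as they arrived on the wire; parsing the JSON and re-serializing it before hashing will usually change the bytes and break the comparison.
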
A payload is returned with each event type. An example application evaluation payload is shown below:
Example Payload.

    {
      "applicationEvaluation": {
        "policyEvaluationId": "debceb1d-9209-485d-8d07-bd5390de7ef5",
        "stage": "build",
        "ownerId": "6a454175-f55d-4d33-ba44-90ac3af2e8b8",
        "evaluationDate": "2015-05-05T23:40:12Z",
        "affectedComponentCount": 10,
        "criticalComponentCount": 2,
        "severeComponentCount": 5,
        "moderateComponentCount": 3,
        "outcome": "fail"
      }
    }

Event Fields.

The data structure of the event payload differs by event. Event types share the following common fields:

| Field | Description |
| --- | --- |
| Timestamp | An ISO 8601 representation of the time. |
| Initiator | userId or "anonymous", "system" for system events. |

Policy Management events include updates to owners, policies, tags, labels, license threat groups, and owner membership mappings.
Policy Management events have the following fields:
Example payload.

    {
      "owner": {
        "id": "6a454175-f55d-4d33-ba44-90ac3af2e8b8",
        "publicId": "webhooks_application",
        "name": "Webhooks Application",
        "parentOwnerId": "abaed4e0-d31e-4a67-9f71-1a8861641077",
        "type": "APPLICATION",
        "tags": [{
          "id": "35304aee-c52f-4f66-9f7c-718e465a0e41",
          "name": "Tag Foo",
          "description": "A tag description.",
          "color": "dark_red"
        }],
        "labels": [{
          "id": "35304aee-c52f-4f66-9f7c-718e465a0e41",
          "name": "Label Foo",
          "description": "A label description.",
          "color": "dark_red"
        }],
        "licenseThreatGroups": [{
          "id": "35304aee-c52f-4f66-9f7c-718e465a0e41",
          "name": "LTG Foo",
          "threatLevel": 5
        }],
        "policies": [{
          "id": "35304aee-c52f-4f66-9f7c-718e465a0e41",
          "name": "Policy Foo",
          "threatLevel": 5
        }],
        "access": [{
          "id": "35304aee-c52f-4f66-9f7c-718e465a0e41",
          "name": "Developers",
          "members": [{
            "type": "USER",
            "name": "jyoung"
          }]
        }]
      }
    }

Application Evaluation events are those occurring during the lifecycle of a policy evaluation. Evaluation completed is the only evaluation event currently available.
Application Evaluation events have the following fields:
Example payload.

    {
      "applicationEvaluation": {
        "policyEvaluationId": "debceb1d-9209-485d-8d07-bd5390de7ef5",
        "stage": "build",
        "ownerId": "6a454175-f55d-4d33-ba44-90ac3af2e8b8",
        "evaluationDate": "2015-05-05T23:40:12Z",
        "affectedComponentCount": 10,
        "criticalComponentCount": 2,
        "severeComponentCount": 5,
        "moderateComponentCount": 3,
        "outcome": "fail"
      }
    }

Security Vulnerability Override Management events are issued when a security vulnerability override is created, updated, or deleted.
Security Vulnerability Override Management events have the following fields:
Example payload.

    {
      "securityVulnerabilityOverride": {
        "id": "d08a4954c2f942e6bbd95517030ebcf7",
        "ownerId": "6a454175-f55d-4d33-ba44-90ac3af2e8b8",
        "hash": "46c81da3225f991faa2b",
        "source": "cve",
        "referenceId": "CVE-2016-0788",
        "status": "ACKNOWLEDGED",
        "comment": "Ack"
      }
    }

License Override Management events are issued when a license override is created, updated, or deleted.
License Override Management events have the following fields:
Example payload.

    {
      "licenseOverride": {
        "id": "cafdf38d458d461583ec6cd509dc8c31",
        "ownerId": "6a454175-f55d-4d33-ba44-90ac3af2e8b8",
        "status": "OVERRIDEN",
        "comment": "",
        "licenseIds": [ "Apache-2.0" ],
        "componentIdentifier": {
          "format": "maven",
          "coordinates": {
            "artifactId": "foo",
            "classifier": "",
            "extension": "jar",
            "groupId": "net.java.bar",
            "version": "1.9"
          }
        }
      }
    }