Guide Docs API keys Start 14-day Pro trial

CVERiskPilotAPI Docs

Developer Guide API Reference Resources Release Notes

Go to platform

Webhook Delivery

CloudEvents 1.0

Webhook events for case movement, findings, and pipeline automation.

Configure endpoints, verify deliveries with HMAC-SHA256, and process CloudEvents payloads.

Envelope

CloudEvents

spec 1.0

Signatures

HMAC

SHA-256

Retries

backoff

Envelope format

Deliveries use CloudEvents 1.0. Event data is nested under `data`.

CloudEvents envelope

{
  "specversion": "1.0",
  "type": "com.cveriskpilot.case.created",
  "source": "/orgs/org_abc123",
  "id": "delivery_unique_id",
  "time": "2026-03-31T10:00:00Z",
  "datacontenttype": "application/json",
  "data": { ... event payload ... }
}

Signature verification

Every delivery includes an HMAC-SHA256 signature over the raw request body.

X-Webhook-Signature — HMAC-SHA256 hex digest

X-Webhook-Event — short event type like case.created

X-Webhook-Timestamp — delivery timestamp

Node.js verification

import crypto from 'node:crypto';

function verifyWebhook(body: string, signature: string, secret: string): boolean {
  const expected = crypto
    .createHmac('sha256', secret)
    .update(body)
    .digest('hex');

  return crypto.timingSafeEqual(
    Buffer.from(signature, 'hex'),
    Buffer.from(expected, 'hex'),
  );
}

Delivery behavior

Deliveries retry automatically if the endpoint does not return a `2xx` within 10 seconds.

Attempt 1

Immediate

Attempt 2

+1 min

Attempt 3

+5 min

After three failed attempts, the delivery is marked failed and appears in webhook history.

Event catalog

Primary event types for downstream automation.

case.created

A new vulnerability case was created from ingested findings.

{
  "id": "case_abc123",
  "title": "CVE-2024-21762 — Fortinet FortiOS RCE",
  "severity": "CRITICAL",
  "cveIds": ["CVE-2024-21762"],
  "epssScore": 0.972,
  "kevListed": true,
  "status": "NEW",
  "findingCount": 3,
  "createdAt": "2026-03-31T10:00:00Z"
}

case.status_changed

A case transitioned into a new remediation state.

{
  "id": "case_abc123",
  "fromStatus": "NEW",
  "toStatus": "TRIAGE",
  "changedBy": "user_analyst",
  "reason": "AI triage flagged as TRUE_POSITIVE",
  "changedAt": "2026-03-31T14:00:00Z"
}

finding.created

A raw finding was ingested from a scan upload or connector sync.

{
  "id": "finding_def456",
  "scannerType": "NESSUS",
  "dedupKey": "CVE-2024-21762:192.168.1.10:443",
  "assetId": "asset_web01",
  "vulnerabilityCaseId": "case_abc123",
  "discoveredAt": "2026-03-31T10:00:00Z"
}

sla.breached

A case exceeded its SLA due date without resolution.

{
  "caseId": "case_abc123",
  "slaPolicyId": "sla_critical_7d",
  "dueAt": "2026-03-28T00:00:00Z",
  "severity": "CRITICAL",
  "daysOverdue": 3
}

pipeline.scan.completed

A pipeline scan finished and published its verdict.

{
  "scanId": "scan_jkl012",
  "repoUrl": "https://github.com/acme/app",
  "branch": "main",
  "verdict": "FAIL",
  "totalFindings": 12,
  "criticalCount": 2,
  "highCount": 4,
  "frameworks": ["nist-800-53", "soc2"]
}

pipeline.compliance.violation

A pipeline scan found a framework-level compliance issue.

{
  "scanId": "scan_jkl012",
  "framework": "nist-800-53",
  "control": "SI-2",
  "controlTitle": "Flaw Remediation",
  "violation": "3 critical CVEs without patches applied",
  "severity": "HIGH"
}

Developer guide Docs API keys Support

CVERiskPilot developer surface