Listen for events from DeepSource to trigger event-based reactions.
Whenever an event is triggered, DeepSource sends a POST request to a URL configured by you. These events are usually specific points that happen during certain actions like Analysis, Autofix, billing, team updates etc. You can use this to update an external issue tracker, to notify about check results on Slack or Telegram, and much more.
Note
Webhooks can be enabled for organization accounts only.
Begin using webhooks with your DeepSource account in just three steps:
Create a webhook endpoint for your integration.
Use the DeepSource dashboard to add that endpoint to your organization.
Sip coffee while we send events to your configured URL.
You can find the list of all available events here.
To create an endpoint, go to your team settings from your sidebar and navigate to the Webhooks tab. If this is your first time using Webhooks, click ‘Add a new endpoint’.
There are three options to configure:
Endpoint URL: This has to be a public-facing endpoint that accepts a POST request. The payload will be sent to this endpoint whenever an event is triggered.
Enable API signing: This will send an HMAC signature of the payload, created using the secret configured by you. Enabling this will allow you to verify if the request was indeed sent by DeepSource. We recommend enabling this.
Webhook secret: Secret for API signing mentioned above. This needs to be at least 16 characters.
Once you fill in these details, you will have to select at least one event. You can find the list of all available events here.
Once created, the webhook configuration will be saved, but webhooks will be activated only after verification of the test payload
If API signing is enabled, every request will have a x-deepsource-signature header. This signature is generated by hashing the payload with the secret provided by you. It can be used to verify the authenticity of the payload. HMAC is widely supported across programming languages and frameworks, here are a few implementations to get you started.
id: A unique id to identify this webhook event delivery.
type: The triggered webhook event’s shortcode.
createdAt: A UNIX timestamp of when this event was created.
data.object: The object associated with the webhook event. For e.g., in the case of analysis_run.updated webhook event, data.object is an AnalysisRun object.
Other than data.object there can be additional fields depending on the webhook event.
This event is triggered every time an analysis run is triggered. Since this event is triggered each time an analysis run starts, expect the summary attribute to be empty.
This event is triggered every time one of the configured analyzer returns a result for a particular run. For a single run, since any number of analyzers can be configured, there will be multiple events triggered: one per analyzer/check.
All the past checks associated with this run will also be present in the payload (checks). The last check in the list is the check that triggered this event.
{"id":"390137996571050950","type":"analysis_run.updated","createdAt":1642069966,"data":{"object":{"id":"UnVaOmZvcG64eQ==","object":"AnalysisRun","runUid":"75d0dd35-d12c-4f8d-67f1-494b9c1abcdef","status":"PENDING","branchName":"patch-1","baseOid":"07e790b6d5a7e720acf5f2af4b707c2ff1cabceed","commitOid":"99da4fzf3e680e28c3z86afebz3693d3f80bf67b","createdAt":1642069941,"updatedAt":1642069966,"repository":{"id":"UmVwb2Npb99yeTp7z3Z23HY=","object":"Repository","name":"demo-go","vcsProvider":"GITHUB","vcsUrl":"https://github.com/deepsourcelabs/demo-go","defaultBranch":"master","latestCommitOid":"07e790b6d5a7e720acf5f2af4b707c2ff1cabceed","isPrivate":false,"isActivated":true,"account":{"id":"T2dzZXIYmm1n2nBi","object":"Account","login":"deepsourcelabs","vcsProvider":"GITHUB","type":"TEAM","avatarUrl":"https://static.deepsource.io/avatars/avatar.png","vcsUrl":"https://github.com/deepsourcelabs"}},"summary":{"object":"AnalysisRunSummary","occurrencesIntroduced":6,"occurrencesResolved":0,"occurrenceDistributionByAnalyzer":[{"object":"OccurrenceDistributionByAnalyzer","analyzerShortcode":"docker","introduced":0},{"object":"OccurrenceDistributionByAnalyzer","analyzerShortcode":"secrets","introduced":0},{"object":"OccurrenceDistributionByAnalyzer","analyzerShortcode":"go","introduced":6}],"occurrenceDistributionByCategory":[{"object":"OccurrenceDistributionByCategory","category":"ANTI_PATTERN","introduced":4},{"object":"OccurrenceDistributionByCategory","category":"BUG_RISK","introduced":2}]},"checks":[{"id":"Q5zyY2s2onlyZW53","object":"Check","sequence":2,"status":"PENDING","analyzer":{"id":"Q3ZhbZl6ZXI7b1x3cW5i","object":"Analyzer","shortcode":"docker","name":"Docker","logoUrl":"https://static.deepsource.io/analyzer_logos/docker.svg"},"createdAt":1642069941,"updatedAt":1642069942,"finishedAt":null,"summary":{"object":"CheckSummary","occurrencesIntroduced":0,"occurrencesResolved":0,"occurrenceDistributionByCategory":[]},"metrics":[]},{"id":"Z8abY2s6YzF4cd5k","object":"Check","sequence":3,"status":"SUCCESS","analyzer":{"id":"DZ9hbHl6ZXI6aHpjZW26","object":"Analyzer","shortcode":"secrets","name":"Secrets","logoUrl":"https://static.deepsource.io/analyzer_logos/secrets.svg"},"createdAt":1642069941,"updatedAt":1642069946,"finishedAt":1642069945,"summary":{"object":"CheckSummary","occurrencesIntroduced":0,"occurrencesResolved":0,"occurrenceDistributionByCategory":[]},"metrics":[]},{"id":"P1hlF1s6Ymd2Z3bv","object":"Check","sequence":1,"status":"FAILURE","analyzer":{"id":"YU5hbHl6API6c78ieXZ6","object":"Analyzer","shortcode":"go","name":"Go","logoUrl":"https://static.deepsource.io/analyzer_logos/go.svg"},"createdAt":1642069941,"updatedAt":1642069966,"finishedAt":1642069966,"summary":{"object":"CheckSummary","occurrencesIntroduced":6,"occurrencesResolved":0,"occurrenceDistributionByCategory":[{"object":"OccurrenceDistributionByCategory","category":"ANTI_PATTERN","introduced":4},{"object":"OccurrenceDistributionByCategory","category":"BUG_RISK","introduced":2}]},"metrics":[{"object":"RepositoryMetric","name":"Documentation Coverage","shortcode":"DCV","description":"Track the extent to which your application code is documented.","unit":"%","positiveDirection":"UPWARD","minValueAllowed":0,"maxValueAllowed":100,"items":[{"id":"UmVwb3NpdG9yeU1ldHJpY0l0ZW06b3Zwb3l4","object":"RepositoryMetricItem","key":"GO","threshold":85,"values":[{"id":"TWV0cmljVmFsdWU6em9tamRt","object":"MetricValue","value":90.0,"valueDisplay":"90.0%","threshold":80,"thresholdStatus":"PASSING","createdAt":1676366233}]}]},{"object":"RepositoryMetric","name":"External Dependencies","shortcode":"DDP","description":"Total number of 3rd-party dependencies used in this repository.","unit":null,"positiveDirection":"DOWNWARD","minValueAllowed":0,"maxValueAllowed":null,"items":[{"id":"UmVwb3NpdG9yeU1ldHJpY0l0ZW06em5neWxi","object":"RepositoryMetricItem","key":"GO","threshold":0,"values":[{"id":"TWV0cmljVmFsdWU6emtrbGRk","object":"MetricValue","value":1,"valueDisplay":"1","threshold":0,"thresholdStatus":"FAILING","createdAt":1676366233}]}]}]}]}}}
{"id":"402328203101736027","type":"autofix_run.started","createdAt":1649335896,"data":{"object":{"object":"AutofixRun","runUid":"8d494192-a837-49d7-a3a9-a0ea78dc667d","createdAt":1649335896,"finishedAt":null,"status":"PENDING","sourceCommit":{"sha":"898d5b958d9cca3e6ced85002e66748e149760f7","branch":"feature-branch"},"autofixCommit":null,"sourcePullRequest":{"number":1,"url":"https://github.com/deepsourcelabs/demo-python/pull/1","title":"Change methods not using its bound instance to staticmethods"},"autofixPullRequest":null,"affectedIssues":[{"id":"SXNzdWU6enJnb2ti","object":"Issue","shortcode":"PYL-R0201","title":"Consider decorating method with `@staticmethod`","shortDescription":"The method doesn't use its bound instance. Decorate this method with `@staticmethod` decorator, so that Python does not have to instantiate a bound method for every instance of this class thereby saving memory and computation. Read more about staticmethods [here](https://docs.python.org/3/library/functions.html#staticmethod).","category":"PERFORMANCE","autofixAvailable":true,"isRecommended":false,"analyzer":{"id":"QW5hbHl6ZXI6bGtiZXZ6","object":"Analyzer","shortcode":"python","name":"Python","logoUrl":"https://dev-asgard-static.s3.us-east-1.amazonaws.com/analyzer_logos/python.svg"}}],"repository":{"id":"UmVwb2Npb99yeTp7z3Z23HY=","object":"Repository","name":"demo-python","vcsProvider":"GITHUB","vcsUrl":"https://github.com/deepsourcelabs/demo-python","defaultBranch":"master","latestCommitOid":"07e790b6d5a7e720acf5f2af4b707c2ff1cabceed","isPrivate":false,"isActivated":true,"account":{"id":"T2dzZXIYmm1n2nBi","object":"Account","login":"deepsourcelabs","vcsProvider":"GITHUB","type":"TEAM","avatarUrl":"https://static.deepsource.io/avatars/avatar.png","vcsUrl":"https://github.com/deepsourcelabs"}}}}}
{"id":"402328306801706043","type":"autofix_run.updated","createdAt":1649335958,"data":{"object":{"object":"AutofixRun","runUid":"8d494192-a837-49d7-a3a9-a0ea78dc667d","createdAt":1649335896,"finishedAt":1649335901,"status":"SUCCESS","sourceCommit":{"sha":"898d5b958d9cca3e6ced85002e66748e149760f7","branch":"master"},"autofixCommit":null,"sourcePullRequest":null,"autofixPullRequest":{"number":1,"url":"https://github.com/deepsourcelabs/demo-python/pull/1","title":"Change methods not using its bound instance to staticmethods","status":"OPEN"},"affectedIssues":[{"id":"SXNzdWU6enJnb2ti","object":"Issue","shortcode":"PYL-R0201","title":"Consider decorating method with `@staticmethod`","shortDescription":"The method doesn't use its bound instance. Decorate this method with `@staticmethod` decorator, so that Python does not have to instantiate a bound method for every instance of this class thereby saving memory and computation. Read more about staticmethods [here](https://docs.python.org/3/library/functions.html#staticmethod).","category":"PERFORMANCE","autofixAvailable":true,"isRecommended":false,"analyzer":{"id":"QW5hbHl6ZXI6bGtiZXZ6","object":"Analyzer","shortcode":"python","name":"Python","logoUrl":"https://dev-asgard-static.s3.us-east-1.amazonaws.com/analyzer_logos/python.svg"}}],"repository":{"id":"UmVwb2Npb99yeTp7z3Z23HY=","object":"Repository","name":"demo-python","vcsProvider":"GITHUB","vcsUrl":"https://github.com/deepsourcelabs/demo-python","defaultBranch":"master","latestCommitOid":"07e790b6d5a7e720acf5f2af4b707c2ff1cabceed","isPrivate":false,"isActivated":true,"account":{"id":"T2dzZXIYmm1n2nBi","object":"Account","login":"deepsourcelabs","vcsProvider":"GITHUB","type":"TEAM","avatarUrl":"https://static.deepsource.io/avatars/avatar.png","vcsUrl":"https://github.com/deepsourcelabs"}}}}}
data.issueOccurrencesIntroduced is the total count of issue occurrences introduced in the commit.
This event is triggered whenever an issue has been detected in the default branch of the repository.
For instance, if 3 occurrences of issue X and 5 occurrences of issue Y are introduced in the default branch after a commit, two events, one for each issue will be triggered.
This event is not triggered for full runs on the default branch. A full run is when your repository’s full code base is analyzed. This happens, e.g., when the repository is (re)activated, or if the .deepsource.toml gets updated. This is to prevent noise which can arise from a large number of issues being reported in such runs.
{"id":"380143400734187723","type":"repository_issue.introduced","createdAt":1642070207,"data":{"object":{"id":"PhVnb3NpdG9yeUl8c3VlOnp4a2E2bA==","object":"RepositoryIssue","repository":{"id":"ZAb3b3NpdG9yeTp9b3Z2eHY=","object":"Repository","name":"demo-go","vcsProvider":"GITHUB","vcsUrl":"https://github.com/deepsourcelabs/demo-go","defaultBranch":"master","latestCommitOid":"72df1dcc3dd4d3211746a236f553065416d3766723","isPrivate":false,"isActivated":true,"account":{"id":"Y2duZXI6Y2dd4hBi","object":"Account","login":"deepsourcelabs","vcsProvider":"GITHUB","vcsUrl":"https://github.com/deepsourcelabs","type":"TEAM","avatarUrl":"https://static.deepsource.io/avatar.png"}},"issue":{"id":"UIOzdWU6end2b23i","object":"Issue","shortcode":"CRT-A0016","title":"Simplify slice expression to sliced value itself","shortDescription":"If a value is of type slice already, it need not be converted to slice again.","category":"ANTI_PATTERN","autofixAvailable":true,"isRecommended":false,"analyzer":{"id":"TW5hbTl6ZTI6c12ieXZ6","object":"Analyzer","shortcode":"go","name":"Go","logoUrl":"https://static.deepsource.io/analyzer_logos/go.svg"}},"occurrences":[{"id":"Q10lY2tJc7N1ZTpZeGpxZW9l","object":"Occurrence","title":"could simplify allProducts[:] to allProducts","path":"code.go","beginLine":160,"beginColumn":14,"endLine":160,"endColumn":14}]},"issueOccurrencesIntroduced":1}}
This event is triggered whenever an issue is resolved in the default branch of the repository.
For instance, if 3 occurrences of issue X and 5 occurrences of issue Y are resolved in the default branch after a commit, two events, one for each issue, will be triggered.
This event is not triggered for full runs on the default branch. A full run is when your repository’s full code base is analyzed. This happens, e.g., when the repository is (re)activated or if the .deepsource.toml gets updated. This is to prevent noise that can arise from a large number of issues being reported in such runs.
Event shortcode: repository_issue.resolved
data.object is a RepositoryIssue.`
data.issueOccurrencesResolved is the total count of issue occurrences resolved in the commit.
data.object.occurrences will always be an empty list.
{"id":"380143400734187723","type":"repository_issue.resolved","createdAt":1642070207,"data":{"object":{"id":"PhVnb3NpdG9yeUl8c3VlOnp4a2E2bA==","object":"RepositoryIssue","repository":{"id":"ZAb3b3NpdG9yeTp9b3Z2eHY=","object":"Repository","name":"demo-go","vcsProvider":"GITHUB","vcsUrl":"https://github.com/deepsourcelabs/demo-go","defaultBranch":"master","latestCommitOid":"72df1dcc3dd4d3211746a236f553065416d3766723","isPrivate":false,"isActivated":true,"account":{"id":"Y2duZXI6Y2dd4hBi","object":"Account","login":"deepsourcelabs","vcsProvider":"GITHUB","vcsUrl":"https://github.com/deepsourcelabs","type":"TEAM","avatarUrl":"https://static.deepsource.io/avatar.png"}},"issue":{"id":"UIOzdWU6end2b23i","object":"Issue","shortcode":"CRT-A0016","title":"Simplify slice expression to sliced value itself","shortDescription":"If a value is of type slice already, it need not be converted to slice again.","category":"ANTI_PATTERN","autofixAvailable":true,"isRecommended":false,"analyzer":{"id":"TW5hbTl6ZTI6c12ieXZ6","object":"Analyzer","shortcode":"go","name":"Go","logoUrl":"https://static.deepsource.io/analyzer_logos/go.svg"}},"occurrences":[]},"issueOccurrencesResolved":1}}
