Skip to main content

Firewall Webhook Event Types

Event - Container Evaluation

Use the container evaluation webhook to receive notifications when Firewall evaluates a Docker container image pulled through a Nexus Repository docker proxy repository.

Webhook Behavior

The container evaluation webhook fires each time a Docker container image is evaluated by Firewall. This webhook is only available for webhooks configured with the Firewall context.

Example Container Evaluation Event Payload

{
  "timestamp": "2026-04-20T10:30:00.000+00:00",
  "initiator": "admin",
  "id": "evaluation-event-id-123",
  "containerEvaluation": {
    "repository": {
      "id": "repo-internal-id",
      "publicId": "my-docker-proxy",
      "name": "My Docker Proxy",
      "organizationId": "org-id-abc"
    },
    "policyEvaluationId": "policy-eval-id-456",
    "stage": "proxy",
    "ownerId": "repo-internal-id",
    "evaluationDate": "2026-04-20T10:29:55.000+00:00",
    "affectedComponentCount": 12,
    "criticalComponentCount": 2,
    "severeComponentCount": 4,
    "moderateComponentCount": 6,
    "outcome": "fail",
    "reportId": "report-id-xyz",
    "isForLatestScan": true
  }
}

Event - Organization and Repository Management

Use the organization and repository management webhook to receive notifications when repository management changes occur. The webhook is also triggered once when it is created for the first time.

The payload for this webhook includes repository manager and repository-level fields so the event reflects the firewall-specific context.

This webhook can notify external systems when repository management actions occur, including:

  • Create

    When a repository management entry is created, a webhook is triggered.

    The event includes repository manager information and repository information.

  • Edit

    When a repository management entry is updated, a webhook is triggered.

    For example, if the name is changed, the webhook reflects the updated name.

  • Delete

    When a repository is deleted, a webhook is triggered.

    The resulting event reflects the repository state after the deletion.

Example Organization and Repository Management Event Payload

{
  "timestamp": "2026-04-20T10:30:00.000+00:00",
  "initiator": "admin",
  "repositoryManagers": [
    {
      "id": "rm-internal-id",
      "instanceId": "nxrm-instance-001",
      "name": "My Nexus Instance",
      "productName": "Nexus",
      "productVersion": "3.70.0",
      "baseUrl": "http://nexus.example.com:8013",
      "configured": true
    }
  ],
  "repositories": [
    {
      "id": "repo-id-001",
      "publicId": "npm-proxy",
      "repositoryManagerId": "rm-internal-id",
      "format": "npm",
      "repositoryType": "proxy",
      "auditEnabled": true,
      "quarantineEnabled": true
    },
    {
      "id": "repo-id-002",
      "publicId": "maven-central",
      "repositoryManagerId": "rm-internal-id",
      "format": "maven2",
      "repositoryType": "proxy",
      "auditEnabled": false,
      "quarantineEnabled": false
    }
  ]
}

Event - Waiver Expiration

Use the waiver expiration webhook to receive notifications when waiver expiration conditions are detected for the tenant where the webhook is configured.

Webhook Behavior

The waiver expiration webhook is tenant-specific. A webhook configured for one tenant only receives waiver expiration events for that tenant.

Notifications are generated for waivers that are:

  • expiring in 24 hours

  • expiring in 7 days

Tenant Scope

Each tenant manages its own webhook configuration and receives its own waiver expiration events. To receive notifications for multiple tenants, configure a webhook for each tenant.

Event Behavior

When waiver expiration processing runs, webhook deliveries reflect the waiver expiration condition for the tenant.

The webhook can indicate statuses such as:

  • expiring in 24 hours

  • expiring in 7 days

Example Waiver Expiration Event Payload - Expiring in 24 Hours

{
  "timestamp": "2026-04-20T10:30:00.000+00:00",
  "initiator": "SYSTEM",
  "eventType": "iq:waiverExpiration",
  "application": {
    "id": "app-internal-id"
  },
  "component": {
    "packageUrl": "pkg:npm/[email protected]",
    "format": "npm",
    "displayName": "[email protected]"
  },
  "policy": {
    "id": "policy-id-def",
    "name": "Integrity-Rating",
    "threatLevel": 9
  },
  "waiver": {
    "id": "waiver-id-abc",
    "expirationDate": "2026-04-21T23:59:59.999+00:00",
    "comment": "",
    "creatorUsername": "jsmith"
  },
  "status": "EXPIRING_IN_24_HOURS"
}

Example Waiver Expiration Event Payload - Expiring in 7 Days

{
  "timestamp": "2026-04-20T10:30:00.000+00:00",
  "initiator": "SYSTEM",
  "eventType": "iq:waiverExpiration",
  "application": {
    "id": "ROOT_ORGANIZATION_ID"
  },
  "component": {
    "packageUrl": "pkg:maven/org.example/[email protected]",
    "format": "maven2",
    "displayName": "org.example:library:1.2.3"
  },
  "policy": {
    "id": "policy-id-abc",
    "name": "Security-Medium",
    "threatLevel": 7
  },
  "waiver": {
    "id": "waiver-id-xyz",
    "expirationDate": "2026-04-27T23:59:59.999+00:00",
    "comment": "Temporary waiver pending vendor fix",
    "creatorUsername": "jsmith"
  },
  "status": "EXPIRING_IN_7_DAYS"
}