Webhooks
Repository Firewall sends a webhook when it blocks or quarantines a component download due to policy violations. Webhooks are configured as Capabilities in Nexus Repository. Use these webhooks to integrate with external systems for incident response, security alerting, and compliance tracking.
When enabled, quarantine webhooks provide:
Real-time notifications when components are blocked or quarantined.
Policy violation details, including CVE IDs, CVSS scores, and threat levels (for first-time quarantine events).
Component identification using Package URL (PURL) and format-specific coordinates.
Global configuration that applies to all repositories.
How Quarantine Webhooks Work
Webhooks cover two distinct scenarios. The values of quarantine_status and action indicate which of the two scenarios triggered the webhook.
First-Time Quarantine
This scenario occurs when IQ Server policy evaluation fails while a component is being downloaded. Nexus evaluates the component, adds it to quarantine, and blocks the download with HTTP 403 (HTTP 409 for NuGet packages). The webhook payload includes detailed policy violation information, including CVE details.
Expected values:
quarantine_status: QUARANTINED
action: QUARANTINED
Repeat Access to Quarantined Component
This scenario occurs when a user tries to download a component that is already quarantined. Nexus blocks the request without performing a new policy evaluation and returns HTTP 403 (HTTP 409 for NuGet packages). The webhook payload includes a generic reason indicating a repeat access attempt.
Expected values:
quarantine_status: BLOCKED
action: BLOCKED
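As an added example (not code from the Nexus Repository documentation or product), the following receiver-side logic distinguishes the two scenarios above from the quarantine_status/action pair and routes them differently for incident response. The JSON field names other than quarantine_status and action, and the HMAC-SHA1 X-Nexus-Webhook-Signature check, are assumptions about the delivery format; the sample payloads are constructed.

```python
import hashlib
import hmac
import json

# Constructed sample deliveries, not captured from a real server. Only the
# quarantine_status and action fields are documented; the component,
# policy_violations and reason keys are assumptions about the payload shape.
FIRST_TIME_BODY = json.dumps({
    "quarantine_status": "QUARANTINED", "action": "QUARANTINED",
    "component": {"purl": "pkg:npm/example-lib@1.2.3"},
    "policy_violations": [{"cve": "CVE-0000-0000", "cvss": 9.8, "threat_level": 10}],
}).encode()
REPEAT_BODY = json.dumps({
    "quarantine_status": "BLOCKED", "action": "BLOCKED",
    "component": {"purl": "pkg:npm/example-lib@1.2.3"},
    "reason": "component is already quarantined",
}).encode()

# The two documented scenarios, keyed by the (quarantine_status, action) pair.
SCENARIOS = {
    ("QUARANTINED", "QUARANTINED"): "first_time_quarantine",
    ("BLOCKED", "BLOCKED"): "repeat_access",
}

def sign(body: bytes, secret: str) -> str:
    # Assumed: HMAC-SHA1 hex digest of the raw body with the capability's
    # secret, delivered in the X-Nexus-Webhook-Signature header.
    return hmac.new(secret.encode(), body, hashlib.sha1).hexdigest()

def classify(payload: dict) -> str:
    # Any pair other than the two documented ones is malformed, not ignorable.
    pair = (payload.get("quarantine_status"), payload.get("action"))
    if pair not in SCENARIOS:
        raise ValueError(f"unexpected quarantine_status/action pair: {pair}")
    return SCENARIOS[pair]

def handle_delivery(body: bytes, signature: str, secret: str) -> dict:
    # Verify before parsing so an unauthenticated POST cannot open incidents.
    if not hmac.compare_digest(sign(body, secret), signature):
        return {"route": "reject", "reason": "bad signature"}
    payload = json.loads(body)
    scenario = classify(payload)
    purl = payload.get("component", {}).get("purl")
    if scenario == "first_time_quarantine":
        # Only first-time events carry violation details, so the ticket goes here.
        cves = [v["cve"] for v in payload.get("policy_violations", []) if "cve" in v]
        return {"route": "open_incident", "purl": purl, "cves": cves}
    # Repeat access ran no new evaluation; count the attempt instead of re-triaging.
    return {"route": "log_repeat_attempt", "purl": purl, "reason": payload.get("reason")}
```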
Firewall Webhook Event Types
Event Type | Availability in Firewall
---|---
Violation Alert |
Waiver Request |
Getting Started
Use the following pages to configure and validate webhook delivery in Nexus Repository.
Use the following pages to create webhooks and event types in Firewall.