Boost Webhook Event Body Parameters
The following table documents the parameters included in the JSON payload of a Boost Webhook event, as triggered by Boost's security analysis. Each parameter is described with its purpose, data type, and relevant external references where applicable.
Parameter Name | Description | Type | External Reference |
---|---|---|---|
analyzer_name | The name of the analyzer tool that generated the Webhook event. For example, "Gitleaks" indicates the tool used to detect sensitive information in the repository. | String | N/A |
findings | An array of objects containing details about security findings identified by the analyzer. Each finding represents a specific issue detected in the repository. | Array[Object] | N/A |
findings[].finding_id | A unique identifier for the specific finding, represented as a UUID. | String | N/A |
findings[].finding_url | A URL linking to the Boost Dashboard where the finding can be viewed in detail. Provides direct access to the finding's context within Boost's interface. | String | N/A |
findings[].state | The current state of the finding, indicating whether it is new, resolved, or in another status. Example: "new". | String | N/A |
findings[].timestamp | The timestamp when the finding was detected, formatted in ISO 8601 (e.g., "2025-07-29T19:28:51.213098Z"). | String | N/A |
findings[].analyzer_rule | An object describing the rule violated, which triggered the finding. It includes metadata about the rule and its classifications. | Object | N/A |
findings[].analyzer_rule.name | The name of the rule violated, e.g., "generic-api-key" for findings related to exposed API keys. | String | BoostSecurity Rules |
findings[].analyzer_rule.description | A description of the rule, explaining the nature of the violation, e.g., exposure of sensitive information like a Generic API Key to unauthorized actors. | String | BoostSecurity Rules |
findings[].analyzer_rule.labels | An array of label objects that categorize the rule for filtering and prioritization, providing additional context such as compliance or severity classifications. | Array[Object] | N/A |
findings[].analyzer_rule.labels[].name | The identifier for the label, e.g., "ALL", "boost-baseline", or "cwe-200". | String | Varies (see below for specific references) |
findings[].analyzer_rule.labels[].pretty_name | A human-readable version of the label name, e.g., "All", "BoostSecurity Baseline", or "CWE-200 - Exposure of Sensitive Information". | String | Varies (see below for specific references) |
findings[].analyzer_rule.labels[].doc_ref | A URL linking to documentation for the label, providing further details on the rule or standard, e.g., BoostSecurity rules, CWE definitions, or OWASP Top 10. Examples include links to CWE-200, CWE-522, CWE-798, CWE Top 25, and OWASP Top 10. | String | BoostSecurity Rules, CWE-200, CWE-522, CWE-798, CWE Top 25, OWASP Top 10 |
findings[].confidence | The confidence level of the finding, indicating the likelihood that it is accurate. Example: "medium". | String | N/A |
findings[].severity | The severity level of the finding, indicating its potential impact. Example: "warning". | String | N/A |
findings[].details | An object containing specific details about the finding, such as the type of issue, its location in the code, and its validity. | Object | N/A |
findings[].details.type | The type of issue detected, e.g., "generic-api-key" for an exposed API key. | String | N/A |
findings[].details.validity | The validity status of the finding, indicating whether the issue is confirmed, unknown, or invalid. Example: "unknown". | String | N/A |
findings[].details.critical_service_secret | A boolean indicating whether the finding involves a critical service secret. Example: false. | Boolean | N/A |
findings[].details.location | The file or resource where the issue was detected, e.g., "config.ini". | String | N/A |
findings[].details.start_line_number | The starting line number in the file where the issue was found. Example: 1. | Integer | N/A |
findings[].details.start_column_number | The starting column number on the line where the issue was found. Example: 1. | Integer | N/A |
findings[].details.end_line_number | The ending line number in the file where the issue was found. Example: 1. | Integer | N/A |
findings[].details.end_column_number | The ending column number on the line where the issue was found. Example: 108. | Integer | N/A |
findings[].code_link | An object containing a reference to the specific code location where the issue was found, including a clickable link. | Object | N/A |
findings[].code_link.text | The text description of the code location, e.g., "config.ini#L1". | String | N/A |
findings[].code_link.href | A URL linking to the specific line in the repository where the issue was detected, e.g., a GitHub file link. | String | GitHub Documentation |
findings[].suppressions | An array of suppression rules applied to the finding, if any. An empty array ([]) indicates no suppressions. | Array | N/A |
findings[].is_critical_risk | A boolean indicating whether the finding is classified as a critical risk. Example: false. | Boolean | N/A |
findings[].critical_risk_justification_text | A text explanation justifying the critical risk status, if applicable. null if not a critical risk. | String/Null | N/A |
findings[].remediation | Recommended steps to resolve the finding, e.g., removing sensitive data from the repository and its Git history. Includes a link to relevant GitHub documentation for further guidance. | String | GitHub: Removing Sensitive Data |
organization_name | The name of the organization associated with the repository, e.g., "FranckBoostOrg". | String | N/A |
scm_provider | The source control management provider hosting the repository, e.g., "github". | String | N/A |
base_url | The base URL for the repository or service, if applicable. null if not provided. | String/Null | N/A |
repository_name | The name of the repository where the issue was detected, e.g., "multi". | String | N/A |
asset_attributes | Additional attributes or metadata about the repository or asset, if applicable. null if not provided. | Object/Null | N/A |
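
A receiver for this payload should treat every field as untrusted input before routing it to a ticketing or chat system. The following is an added example, not Boost's own code: it parses an event body, tolerates null or missing objects, and only passes through `finding_url` when it is an absolute https link. The function names (`as_obj`, `safe_url`, `triage`), the sample UUID and URL, and the skip-suppressed and escalation rules are assumptions made for illustration.

```python
import json
from urllib.parse import urlparse

# Constructed sample from the table's example values; UUID and URL are placeholders.
SAMPLE_EVENT = json.dumps({
    "analyzer_name": "Gitleaks", "organization_name": "FranckBoostOrg",
    "scm_provider": "github", "repository_name": "multi",
    "findings": [{
        "finding_id": "00000000-0000-4000-8000-000000000000",
        "finding_url": "https://dashboard.example.invalid/finding/placeholder",
        "state": "new", "severity": "warning", "confidence": "medium",
        "analyzer_rule": {"name": "generic-api-key",
                          "labels": [{"name": "ALL"}, {"name": "cwe-200"}]},
        "details": {"type": "generic-api-key", "critical_service_secret": False,
                    "location": "config.ini", "start_line_number": 1},
        "suppressions": [], "is_critical_risk": False,
    }],
})

def as_obj(value):
    return value if isinstance(value, dict) else {}  # null/missing -> empty object

def safe_url(value):
    """Return value only if it is an absolute https URL; payload links are untrusted."""
    parsed = urlparse(value) if isinstance(value, str) else None
    return value if parsed and parsed.scheme == "https" and parsed.netloc else None

def triage(raw_body):
    """Summarise each unsuppressed finding; skip/escalate rules are this example's policy."""
    event = as_obj(json.loads(raw_body))
    if not isinstance(event.get("findings"), list):
        raise ValueError("findings must be an array")
    summaries = []
    for f in event["findings"]:
        if not isinstance(f, dict) or f.get("suppressions"):
            continue  # assumed policy: skip malformed or suppressed findings
        details, rule = as_obj(f.get("details")), as_obj(f.get("analyzer_rule"))
        names = [as_obj(l).get("name") for l in rule.get("labels") or []]
        summaries.append({
            "id": f.get("finding_id"),
            "repo": f'{event.get("organization_name")}/{event.get("repository_name")}',
            "rule": rule.get("name"),
            "where": f'{details.get("location")}:{details.get("start_line_number")}',
            "cwes": sorted(n for n in names if isinstance(n, str) and n.startswith("cwe-")),
            "escalate": any(v is True for v in (f.get("is_critical_risk"),
                                                details.get("critical_service_secret"))),
            "link": safe_url(f.get("finding_url")),
        })
    return summaries
```
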