Introducing Webhook Events for Alert Changes

Add Socket webhook events to your workflows to automatically receive software supply chain alert changes in real time.

Phil Gates-Idem

November 21, 2025

Last month, Socket announced Webhook Events for Pull Request Scans. Today, we're taking it further with Webhook Events for Alert Changes: real-time notifications for every alert that gets created, updated, or cleared across your repositories. If you're responsible for monitoring your software supply chain, your job just got a lot easier. Socket now tracks the complete lifecycle of alerts and can trigger automated workflows the moment something changes, so you can stop checking dashboards and start responding faster.

Alert changes don't just happen when you update dependencies. Socket is constantly discovering new threats and improving its database of vulnerabilities, malicious packages, and software risk, which means alerts can change even when your code and SBOMs stay the same. With Webhook Events for Alert Changes, you'll get automated notifications whether the trigger is a newly merged pull request, a newly discovered threat, or a modified security policy.

Each alert change webhook event includes the following:

  • Type of change (alert created, alert updated, or alert cleared)
  • Full alert details including
    • Alert identifier
    • Alert status (open or cleared)
    • Alert timestamps (alert created at, alert updated at, and alert cleared at)
    • Link to alert details page in the Socket dashboard
    • Affected repositories

What Are Webhooks?

Webhooks are HTTP requests sent from one system to another when specific events occur. They allow real-time updates without having to poll APIs or log into a website.

They’re the foundation behind countless integrations, such as calendar notifications in Slack, Jira ticket updates, or GitHub repository activity. Socket already subscribes to webhook events from GitHub to trigger new scans, and now you can receive webhook events from Socket as well.

Automate Your Workflows with Socket Webhooks

Once your webhook is set up, Socket can send alert changes directly to your tools and systems, such as Slack, Jira, or custom CI pipelines. This makes it easy to trigger automated actions.

For example, you could automatically create a Jira ticket when a high-severity issue appears, or post a summary of dependency changes to a team Slack channel. Webhooks make it simple to extend Socket’s visibility into the tools you already use.

Socket is Now Tracking Alert Lifecycle

As part of the work to implement Webhook Events for Alert Changes, Socket is now tracking alert timestamps and alert status. Furthermore, when a brand new alert is detected in your environment, it is assigned a unique ID in the format SOCKET-${ORG-SLUG}-${ID-SEQ-NUMBER} (for example, an alert ID might be SOCKET-DUMMY-1020). These alert identifiers (available in the alert.id property) will first be available via webhooks and, in the future, throughout the Socket dashboard.

How to Set It Up

If you’re on a Business or Enterprise plan, go to Dashboard → Settings → Webhooks (under “Integrations”) and click Create webhook.

Note: The Create webhook button is only available to organization owners and admins.

[Image: Create webhook with support for alert events]

You can now configure your new or existing webhooks to receive alert events.

Fill out the required fields (name, URL, and signing key) and select at least one event type.
The signing key allows you to verify webhook payloads when received. You can provide your own key or use the "Generate" button to create one automatically. For implementation details, see the documentation.

By default, webhooks are sent for all repositories in an organization, but you can filter to a subset of repositories or add custom HTTP headers under Advanced settings.

Webhook Payload Structure

Each alert change webhook event payload includes these properties:

  • type – Type of event (will be alert:created, alert:updated, or alert:cleared for alert webhook events)
  • eventId – A unique identifier of the event that can be used for deduplication
  • schemaType – The type of schema (will be alert@1 for alert change webhook events)
  • data.organization – Details of the Socket organization
  • data.alert – Details of the alert

[Image: Sample alert change webhook event payload]

Here's an example that shows the received webhook data:

[Image: Example of full webhook data received by webhook testing tool]

You can use webhook testing tools to test out Socket webhooks.

For the complete schema, visit the webhooks documentation.
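
A receiver-side sketch tying together the signing key and the payload properties listed above (an added example, not Socket's code): it authenticates the raw body, filters on schemaType and type, deduplicates on eventId, and parses alert.id. The HMAC-SHA256 hex scheme, the function names and the sample body are assumptions made for illustration; the real signature scheme and header are in Socket's documentation.

```python
import hashlib
import hmac
import json
import re

ALERT_TYPES = ("alert:created", "alert:updated", "alert:cleared")
# ID format from the post: SOCKET-${ORG-SLUG}-${ID-SEQ-NUMBER}; slug may contain "-".
ALERT_ID_RE = re.compile(r"SOCKET-(?P<org>.+)-(?P<seq>\d+)")
# Constructed sample body; only fields named in the post are used.
SAMPLE_BODY = json.dumps({
    "type": "alert:created", "eventId": "evt-0001", "schemaType": "alert@1",
    "data": {"organization": {}, "alert": {"id": "SOCKET-DUMMY-1020"}},
}).encode()


def expected_signature(raw_body: bytes, signing_key: bytes) -> str:
    # ASSUMPTION: hex HMAC-SHA256 over the raw body. The post does not state
    # Socket's scheme or header name; take both from Socket's documentation.
    return hmac.new(signing_key, raw_body, hashlib.sha256).hexdigest()


def handle_event(raw_body, signing_key, received_sig, seen_event_ids):
    """Return (action, detail); only "process" should reach Slack/Jira/CI."""
    want = expected_signature(raw_body, signing_key).encode()
    if not isinstance(received_sig, str) or not hmac.compare_digest(
            want, received_sig.encode()):
        return ("reject", "bad signature")  # verify before parsing anything
    try:
        event = json.loads(raw_body)
    except ValueError:
        return ("reject", "body is not JSON")
    if not isinstance(event, dict) or event.get("schemaType") != "alert@1":
        return ("ignore", "not an alert@1 event")
    if event.get("type") not in ALERT_TYPES:
        return ("ignore", "unknown event type")
    event_id = event.get("eventId")
    if not isinstance(event_id, str) or not event_id:
        return ("reject", "missing eventId")
    if event_id in seen_event_ids:
        return ("duplicate", event_id)  # redelivery, already handled
    data = event.get("data")
    alert = data.get("alert") if isinstance(data, dict) else None
    alert_id = alert.get("id") if isinstance(alert, dict) else None
    m = ALERT_ID_RE.fullmatch(alert_id) if isinstance(alert_id, str) else None
    if m is None:
        return ("reject", "malformed alert.id")
    seen_event_ids.add(event_id)  # record only after full validation
    return ("process", {"type": event["type"], "alert": alert_id,
                        "org": m["org"], "seq": int(m["seq"])})
```

The in-memory set stands in for a shared store; a deployment with more than one receiver process needs the seen eventId values persisted somewhere all of them can read.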

Webhooks Roadmap

Webhook Events for Alert Changes are available now for all Business and Enterprise customers.

Stay tuned! We have more features coming that will make it even easier to integrate Socket into your workflows, automate actions, track changes, and stay on top of your dependency security.
