Skip to content

av webhook

Manage a project’s webhook alert destinations - the Slack, Teams, Discord, Google Chat, or generic endpoints that receive its CVE alerts.

The Webhooks settings page listing a project’s alert destinations with their platform, enabled state and minimum severity

The same destinations are manageable in the web app’s Webhooks settings. Demo data.

Terminal window
av webhook list --project <project-id>
av webhook get <id> --project <project-id>
av webhook create --project <project-id> --platform <platform> --url <url> [flags]
av webhook delete <id> --project <project-id>
av webhook test <id> --project <project-id>

The binary ships as alertavuln; av is the common alias - they are interchangeable in every example.

av webhook manages the webhook destinations a project’s alerts are delivered to. Every subcommand requires --project and an authenticated session - run av login first.

  • list prints a table of the project’s webhooks with the columns ID, PLATFORM, ENABLED, MIN SEVERITY, and URL.
  • get <id> prints one webhook’s full details as indented JSON.
  • create registers a new destination. --platform and --url are required; the webhook is enabled immediately unless you pass --disabled.
  • delete <id> removes the webhook.
  • test <id> sends a test alert to the destination so you can confirm the URL and channel wiring before a real CVE lands.

--min-severity sets the delivery floor: only alerts whose CVE severity is at or above the threshold are sent to that webhook.

All av webhook subcommands accept:

Flag Default Description
--project - Project ID the webhooks belong to (required)

av webhook create additionally accepts:

Flag Default Description
--platform - Destination platform: slack, teams, discord, googlechat, or generic (required, case-insensitive)
--url - Webhook URL alerts are posted to (required)
--min-severity Medium Minimum CVE severity to deliver: Critical, High, Medium, or Low
--disabled false Create the webhook as disabled

Create a Slack webhook that only receives High and Critical alerts:

Terminal window
av webhook create --project 9f6b2d84-3c1e-4a57-9e2b-7d8c5f01a3e2 \
--platform slack \
--url https://hooks.slack.com/services/T000/B000/XXXX \
--min-severity High

List the project’s webhooks to pick up the ID of the one you just created:

Terminal window
av webhook list --project 9f6b2d84-3c1e-4a57-9e2b-7d8c5f01a3e2

Send a test alert to verify the destination end to end:

Terminal window
av webhook test 2c41f8ab-6e97-4d10-b3aa-51de08c2f7c4 --project 9f6b2d84-3c1e-4a57-9e2b-7d8c5f01a3e2
Code Meaning
0 Command succeeded
1 Command failed - not logged in, invalid flags, or the API returned an error