Outbound webhooks

Receive DriftGuard events in Slack, Teams, or your own endpoint.

Setup

Go to Dashboard → Settings → Webhooks and add your endpoint URL. DriftGuard signs every request with an HMAC-SHA256 signature in theX-DriftGuard-Signatureheader.

# Verify signature (Python)
import hashlib, hmac
import { getMessages } from "@/i18n/get-locale";
import { createTranslator } from "@/i18n/translator";
import { getUserPreferences } from "@/lib/preferences/server";



def verify(payload: bytes, sig: str, secret: str) -> bool:
    expected = "sha256=" + hmac.new(
        secret.encode(), payload, hashlib.sha256
    ).hexdigest()
    return hmac.compare_digest(expected, sig)

Events

analysis.completed

Fired after every PR analysis finishes. Includes risk score, findings count, and a link to the full report.

{
  "event": "analysis.completed",
  "analysis_id": "a1b2c3d4",
  "repo": "acme/infra",
  "pr_number": 42,
  "head_sha": "abc1234",
  "risk_score": 67,
  "findings": 8,
  "status": "completed",
  "timestamp": "2026-05-21T10:00:00Z"
}

policy.blocked

Fired when a PR is blocked by a policy rule. Sent before the PR comment so you can react immediately.

{
  "event": "policy.blocked",
  "analysis_id": "a1b2c3d4",
  "repo": "acme/infra",
  "pr_number": 42,
  "rule": "aws_rds_cluster.*.delete",
  "resource": "aws_rds_cluster.prod",
  "timestamp": "2026-05-21T10:00:00Z"
}

drift.detected

Fired when real cloud state diverges from the Terraform plan by more than the configured threshold.

{
  "event": "drift.detected",
  "repo": "acme/infra",
  "pr_number": 42,
  "drifted_resources": ["aws_instance.web-01", "aws_security_group.app"],
  "severity": "high",
  "timestamp": "2026-05-21T10:00:00Z"
}

Retry policy

DriftGuard retries failed deliveries (non-2xx or timeout) with exponential backoff: 1s → 5s → 30s → 5min → 30min. After 5 failures the webhook is suspended. You can manually re-enable it from the dashboard.