Event Types
Complete catalog of all webhook event types available in Trace.
Trace organizes webhook events into categories based on the resource they relate to. Each event type uses a dot-separated naming convention: resource.action.
Vulnerability events
These events fire when vulnerabilities are detected, change status, or are updated. Similar to GitHub Advanced Security's code_scanning_alert and secret_scanning_alert events, Trace vulnerability events cover the full lifecycle of a security finding.
| Event type | Trigger |
|---|---|
vulnerability.detected | A new vulnerability is discovered during a scan. |
vulnerability.fixed | A vulnerability is confirmed as fixed (no longer detected in latest scan). |
vulnerability.reopened | A previously resolved vulnerability is detected again. |
vulnerability.status_updated | A vulnerability's status is manually changed (e.g. to IN_PROGRESS, IGNORED, FALSE_POSITIVE). |
vulnerability.severity_changed | A vulnerability's severity level is updated. |
Event filtering
When configuring a webhook, you can subscribe to:
- All events — Receive every event type listed above.
- Specific event types — Subscribe to only the events relevant to your integration.
- By severity — Filter vulnerability events by minimum severity threshold (e.g. only
HIGHandCRITICAL). - By repository — Scope events to specific repositories in your organization.