Skip to main content

GitHub Webhooks

Webhooks allow you to build or set up integrations which subscribe to certain events on When one of these events is triggered, a HTTP POST payload is sent to the Webhook's configured URL. Webhooks can be used to update an external issue tracker, trigger CI builds, update a backup mirror, or even deploy to your production server.

Checkmarx exposes a Webhook as described above and subscribes it to the commit/push source code event on GitHub.

When a user commits/pushes source code to a GitHub repository, the event is triggered, and GitHub sends a HTTP POST to Checkmarx, which in turn triggers a Scan of that repository.

A WebHook is created when a user configures GitHub Integration. Please refer to Configuring GitHub Integration.

To confirm that the Webhook was actually created:

1. Log in to your GitHub account and enter the Dashboard.


2. Select a repository from the Your Repositories list.


3. Click Settings.


4. Click Webhooks. The Webhook is created and liosted in the Webhooks list



Ping requests are only supported from Checkmarx CxSAST version 8.4.2 and up, and may have limitations and network issues.