Trivy Operator allows you to send reports externally to a webhook as they get produced. This is useful in cases where you would like to "set-and-forget" the operator and monitor the reports elsewhere. It's also useful when you have to make decisions based on a report, e.g. prune a vulnerable image, remove a deployment with exposed secrets etc.
The latter use case can be fulfilled by using a SOAR tool Postee. Out of the box, Postee offers a variety of integrations with other third party services such as ServiceNow, Slack, AWS Security Hub and many more.
You can enable the Webhook integration as follows:
- Required: Set
OPERATOR_WEBHOOK_BROADCAST_URLto the webhook endpoint you'd like to send the reports to.
- Optional: Set
OPERATOR_WEBHOOK_BROADCAST_TIMEOUTto a time limit that suites your use case. Default is
The Webhook integration is only able to send
exposedsecretreport type of reports.