Skip to content

Webhook Integration

Trivy Operator allows you to send reports externally to a webhook as they get produced. This is useful in cases where you would like to "set-and-forget" the operator and monitor the reports elsewhere. It's also useful when you have to make decisions based on a report, e.g. prune a vulnerable image, remove a deployment with exposed secrets etc.

The latter use case can be fulfilled by using a SOAR tool Postee. Out of the box, Postee offers a variety of integrations with other third party services such as ServiceNow, Slack, AWS Security Hub and many more.


You can enable the Webhook integration as follows:

  1. Required: Set OPERATOR_WEBHOOK_BROADCAST_URL to the webhook endpoint you'd like to send the reports to.
  2. Optional: Set OPERATOR_WEBHOOK_BROADCAST_TIMEOUT to a time limit that suites your use case. Default is 30s.

The Webhook integration is only able to send vulnerabilityreport and exposedsecretreport type of reports.