Actions

Minimus actions help you effortlessly keep up with security updates related to your Minimus images. Set up Minimus actions to trigger alerts for new image versions and security updates. Actions are used to notify teams as soon as a new version and/or a security fix is released.

Keeping up with security patching can be intense unless you establish a reliable routine. While Minimus images will typically be clean of any vulnerabilities when you first deploy them, they will eventually accrue vulnerabilities and require updates for security reasons. Actions can notify you when a fix to an active exploit is released so that you can expedite testing and deploy the update sooner.

​

Types of Triggers

Actions boost your security posture by ensuring that you can respond proactively whenever:

• A new image version is released.

  You can add filters to alert on specific images or specific image lines. The alert is sent when a new image version is first released, but not for new digest IDs.

• A vulnerability was fixed.

  You can add filters to focus on active exploits or those likely to be exploited or by CVSS severity.

​

Types of Actions

Minimus currently supports only webhook actions. Email and Slack messages and Jira events are planned for the near future.

​

Recommended Actions

We recommend triggering an action when an:

• Vulnerability labeled as an active exploit was fixed in an image line you are currently using. Active exploits are vulnerabilities known to be exploited in the wild that have been added to the CISA KEV catalog. Learn more
• Vulnerability labeled as likely to be exploited was fixed in an image line you are currently using. This exploitability label means the vulnerability has an extremely high EPSS score, marking it as a serious risk. Learn more

Actions help you stay ahead of your security risks. You can set actions to automatically pull the update or notify you over a variety of channels. Webhooks are guaranteed to save you valuable time.

​

Create an Action

1. Select Actions in the left menu. Then select Create Action. Fill in the form.
2. Name the action.
3. Add a trigger:
   1. New image version is released
   2. Vulnerability is fixed
4. Add your filters. You can combine as many filters as relevant:
   1. When set to trigger for new image versions, you can filter by image properties:
      1. Image name
      2. Image category & compliance (Compliance may be FIPS or STIG compatibility)
   2. When set to trigger by fixed vulnerabilities, you can filter by image properties (see above) and vulnerability properties:
      1. Severity
      2. Exploitability
5. Add your webhook URL. The webhook client is a simple HTTP client that sends POST requests to the endpoint.
6. Test the action.
7. If the test is successful, select Create Action to confirm the action and enable it.

​

About Webhooks

• The webhook provider receives a single event for each alert. Aggregation is not currently supported.
• Here’s an example of the JSON payload schema sent by the action:

{
  "actionName": "Example Alert",
  "eventType": "newImageVersion",
  "eventTime": "2025-04-10T00:28:59.037085531Z",
  "imageDetails": {
    "name": "mongo",
    "tags": [
      "7.0.18-dev-202504100027",
      "7-dev",
      "7.0.18-dev",
      "7.0-dev"
    ],
    "digest": "sha256:9c45497ff4b8217571e8ae5298719b4912b304617dc6f28db5a4053d3bdc44dc",
    "labels": [
      "databases"
    ],
    "link": "images.minimus.io/gallery/images/mongo/lines/7.0/versions/7.0.18-dev/specification"
  }
}

​

Actions List

You can search the list of actions by any attribute, including the action name, state, and trigger.

The table includes the following:

• Action name

• Trigger

• Action (Webhook)

• Enabled/Disabled state.

  Hover over a line to toggle the state and disable or enable an action.

​

Edit an Action

Hover over an action in the table and select the edit button (). You can edit all fields in the action form and save your changes.