Create Action

​

Trigger a webhook

1. Select Actions in the left menu. Then select Create Action. Fill in the form.
2. Name the action.
3. Add a trigger:
   1. New image version is released
   2. Vulnerability is fixed
4. Add your filters. You can combine as many filters as relevant:
   1. When set to trigger for new image versions, you can filter by image properties:
      1. Image name
      2. Image category & compliance (Compliance may be FIPS or STIG compatibility)
   2. When set to trigger by fixed vulnerabilities, you can filter by image properties (see above) and vulnerability properties:
      1. Severity
      2. Exploitability
5. Add your webhook URL. The webhook client is a simple HTTP client that sends POST requests to the endpoint.
6. Test the action.
7. If the test is successful, select Create Action to enable it.

​

About action webhooks

• The webhook provider receives a single event for each alert. Aggregation is not currently supported.
• Here’s an example of the JSON payload schema sent by the action:

{
  "actionName": "Example Alert",
  "eventType": "newImageVersion",
  "eventTime": "2025-04-10T00:28:59.037085531Z",
  "imageDetails": {
    "name": "mongo",
    "tags": [
      "7.0.18-dev-202504100027",
      "7-dev",
      "7.0.18-dev",
      "7.0-dev"
    ],
    "digest": "sha256:9c45497ff4b8217571e8ae5298719b4912b304617dc6f28db5a4053d3bdc44dc",
    "labels": [
      "databases"
    ],
    "link": "images.minimus.io/gallery/images/mongo/lines/7.0/versions/7.0.18-dev/specification"
  }
}

​

Send email notifications

1. Select Actions in the left menu. Then select Create Action. Fill in the form.
2. Name the action.
3. Add a trigger:
   1. New image version is released
   2. Vulnerability is fixed
4. Add your filters. You can combine as many filters as relevant:
   1. When set to trigger for new image versions, you can filter by image properties:
      1. Image name
      2. Image category & compliance (Compliance may be FIPS or STIG compatibility)
   2. When set to trigger by fixed vulnerabilities, you can filter by image properties (see above) and vulnerability properties:
      1. Severity
      2. Exploitability
5. Select the action Send email.
   1. List recipients (using commas as separators). You can add CC recipients as well.
   2. Optionally, you can add a custom note. The note will be appended to the default messages.
6. Test the action.
7. If the test is successful, select Create Action to enable it.

​

Send Slack alerts

1. Select Actions in the left menu. Then select Create Action. Fill in the form.
2. Name the action.
3. Add a trigger:
   1. New image version is released
   2. Vulnerability is fixed
4. Add your filters. You can combine as many filters as relevant:
   1. When set to trigger for new image versions, you can filter by image properties:
      1. Image name
      2. Image category & compliance (Compliance may be FIPS or STIG compatibility)
   2. When set to trigger by fixed vulnerabilities, you can filter by image properties (see above) and vulnerability properties:
      1. Severity
      2. Exploitability
5. Select the action Send Slack Alert.
   1. Click the button Connect to Slack.
   2. Allow the permissions requested in the popup window. If you are connected to several Slack workspaces, you can select the relevant one from the top right corner.
   3. The form will now show the connected workspace.
   4. List the channels to be notified. The Minimus app can send messages to public channels by default. For private channels, you will need to add the Minimus app to the channel in advance.
   5. Test the action.
6. If the test is successful, select Create Action to enable it.

​

Add the Minimus App to a private Slack channel

1. In your private Slack channel, click the kebab menu in the top right corner.
2. Select Edit settings.
3. Select the Integrations tab.
4. Add the Minimus App.
5. That’s it. Minimus can now notify the channel.

​

Trigger GitHub Actions

1. Select Actions in the left menu. Then select Create Action. Fill in the form.
2. Name the action.
3. Add a trigger:
   1. New image version is released
   2. Vulnerability is fixed
4. Add your filters. You can combine as many filters as relevant:
   1. When set to trigger for new image versions, you can filter by image properties:
      1. Image name
      2. Image category & compliance (Compliance may be FIPS or STIG compatibility)
   2. When set to trigger by fixed vulnerabilities, you can filter by image properties (see above) and vulnerability properties:
      1. Severity
      2. Exploitability
5. Select the action Trigger GitHub Actions.
   1. Click the button Connect to GitHub.
   2. Select the relevant GitHub owner or organization.
   3. Specify the Owner and Repository.
   For example, if your organization GitHub URL looks like https://github.com/myorganization/myproject/ - the owner is myorganization and the repository is myproject.\ 4. Test the connection.
6. If the test is successful, select Create Action to enable it.

​

Troubleshooting the connection to GitHub

• Scroll down if necessary
  If you previously created an action that connected to your GitHub repo, the popup approval window will open in your general GitHub settings menu - https://github.com/settings/profile.
  • Scroll down until you see the section for configuring Repository access.
  • Select the relevant owner and repo as usual and save your selection.
• Reset repository selection if necessary
  Sometimes, if you previously created an action that connected to a private GitHub repo, the popup approval window will apply your previous selection. In this case, the Repository access section will appear to be “locked” on your previous selection with the Save button disabled.
  • To activate the Save button, first change the selection to All repositories.
  • Next, select the relevant owner and repository and save your selection.
  Note that the relevant configuration is also found in your GitHub settings underhttps://github.com/settings/installations.