A Trivy plugin for sending notifications to one or more providers.
The currently supported providers are:
- console
- slack
- webhook
Each provider is configured through environment variables, listed per provider below.
The providers that receive a notification are selected with the --providers
flag, a comma-separated list.
By default a provider sends nothing when the report contains no findings. When --send-always
is set, the plugin sends a notification even if no scan results were found.
trivy plugin install github.com/madflow/trivy-plugin-notify
The plugin runs either as a Trivy output plugin or on a JSON report piped into it. In the first form the plugin's own flags are passed as one quoted string through --output-plugin-arg; <command> is a scan subcommand such as image, fs or repo:
trivy <command> --format json --output plugin=notify [--output-plugin-arg "plugin_flags"] <target>
trivy <command> -f json <target> | trivy notify [plugin_flags]
trivy image -f json -o plugin=notify --output-plugin-arg "--providers=slack" debian:12
trivy image -f json debian:12 | trivy notify --providers=slack
trivy image -f json debian:12 | trivy notify --providers=slack,webhook
trivy image -f json golang:alpine | trivy notify --providers=slack,webhook --send-always
The console provider pretty-prints the report to the terminal. It is meant mainly for debugging, for example to inspect what the plugin actually received before wiring up another provider.
The email provider sends notifications via SMTP.
Currently only vuln
scanning results are supported. If the scan report contains no vulnerabilities, no email is sent.
- Set up an SMTP server and obtain the necessary credentials
- Configure the required environment variables with your SMTP and email details
export EMAIL_DSN="smtps://user:password@smtp.example.com:465"
export EMAIL_FROM="from@example.com"
export EMAIL_TO="to@example.com"
EMAIL_DSN
: The SMTP connection string, in the form
smtp://<user>:<password>@<host>:<port> or smtps://<user>:<password>@<host>:<port>
Examples:
For SMTP on the submission port: smtp://user:password@smtp.example.com:587
For SMTPS (TLS from the first byte): smtps://user:password@smtp.example.com:465
Prefer the smtps:// form whenever the server offers it: over smtp:// the login is only protected if the session is upgraded with STARTTLS. The DSN embeds a credential, so keep it out of shell history and CI logs and store it as a masked variable in CI.
Parameters:
- <user>: the username or email address used for SMTP authentication
- <password>: the password for the SMTP server
- <host>: the hostname of the SMTP server (e.g., smtp.example.com)
- <port>: the port used by the SMTP server (e.g., 587 for SMTP, 465 for SMTPS)
EMAIL_FROM
: The sender's email address (e.g., from@example.com).
EMAIL_TO
: The recipient's email address(es). Multiple recipients can be specified, separated by commas (e.g., to@example.com, another@example.com).
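The DSN format above is a URL, which has a consequence the description does not spell out: a password containing ':' '@' or '/' must be percent-encoded, and the scheme decides whether the session starts in TLS. The following parser is an added example written for this page, not the plugin's own code; the SMTPConfig type, the Redacted helper and the exit codes are this example's choices. It accepts exactly the two schemes documented, requires user, password, host and port, decodes a percent-encoded password, and renders the config with the password masked so a debug log never leaks the SMTP credential.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/url"
	"os"
	"strconv"
)

// SMTPConfig is this example's parsed form of EMAIL_DSN; the plugin's own
// internal representation is not shown on the page.
type SMTPConfig struct {
	Host     string
	Port     int
	User     string
	Password string
	TLS      bool // true for smtps:// (implicit TLS), false for smtp://
}

// ParseEmailDSN validates a DSN of the form
// smtp://<user>:<password>@<host>:<port> or smtps://<user>:<password>@<host>:<port>.
// The DSN is a URL, so a password containing ':' '@' or '/' must be
// percent-encoded (p%40ss for p@ss); net/url decodes it here.
func ParseEmailDSN(dsn string) (SMTPConfig, error) {
	u, err := url.Parse(dsn)
	if err != nil {
		return SMTPConfig{}, fmt.Errorf("invalid EMAIL_DSN: %w", err)
	}
	var cfg SMTPConfig
	switch u.Scheme {
	case "smtp":
		cfg.TLS = false
	case "smtps":
		cfg.TLS = true
	default:
		return SMTPConfig{}, fmt.Errorf("unsupported scheme %q: want smtp or smtps", u.Scheme)
	}
	if u.User == nil {
		return SMTPConfig{}, errors.New("EMAIL_DSN must carry <user>:<password>")
	}
	pw, hasPw := u.User.Password()
	if u.User.Username() == "" || !hasPw {
		return SMTPConfig{}, errors.New("EMAIL_DSN must carry both <user> and <password>")
	}
	cfg.User, cfg.Password = u.User.Username(), pw
	host, portStr, err := net.SplitHostPort(u.Host)
	if err != nil {
		return SMTPConfig{}, fmt.Errorf("EMAIL_DSN must carry <host>:<port>: %w", err)
	}
	port, err := strconv.Atoi(portStr)
	if err != nil || port < 1 || port > 65535 {
		return SMTPConfig{}, fmt.Errorf("invalid port %q", portStr)
	}
	cfg.Host, cfg.Port = host, port
	return cfg, nil
}

// Redacted renders the config for logs with the password masked.
func (c SMTPConfig) Redacted() string {
	scheme := "smtp"
	if c.TLS {
		scheme = "smtps"
	}
	return fmt.Sprintf("%s://%s:***@%s", scheme, c.User, net.JoinHostPort(c.Host, strconv.Itoa(c.Port)))
}

func main() {
	dsn := os.Getenv("EMAIL_DSN")
	if dsn == "" {
		dsn = "smtps://user:password@smtp.example.com:465" // the page's own example value
	}
	cfg, err := ParseEmailDSN(dsn)
	if err != nil {
		fmt.Fprintln(os.Stderr, "error:", err)
		os.Exit(1)
	}
	if !cfg.TLS {
		fmt.Fprintln(os.Stderr, "warning: smtp:// sends the login in clear unless the server upgrades with STARTTLS; prefer smtps://")
	}
	fmt.Println("would connect to", cfg.Redacted())
}
```

Run it with EMAIL_DSN exported as in the section above; it prints the redacted target and warns when the smtp:// form is used.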
The Slack provider posts to a Slack channel through an Incoming Webhook.
Currently only vuln
scanning results are supported. If the scan report contains no vulnerabilities, no Slack message is sent.
- Set up a Slack Incoming Webhook.
- Set the environment variable
SLACK_WEBHOOK
with your webhook URL.
export SLACK_WEBHOOK="https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX"
SLACK_WEBHOOK
: The URL of the Slack Incoming Webhook to which the message will be sent. The URL is the only credential involved: anyone who holds it can post to the channel, so store it as a secret rather than in a committed file, and revoke it in Slack if it leaks.
trivy image -f json debian:12 | trivy notify --providers=slack
The webhook provider sends the scan report as JSON to a URL of your choice, using POST
(the default) or GET
. The body is a types.Report
(from github.com/aquasecurity/trivy/pkg/types
), the same structure that trivy -f json writes, so the receiver has to parse a report rather than a pre-formatted message. The endpoint is read from an environment variable. No authentication setting is documented for this provider, and the report lists installed packages and unfixed findings, so use an https:// endpoint and restrict who can reach it, for example by network policy or a secret segment in the URL path.
- Set up an environment variable
WEBHOOK_ENDPOINT
with your webhook URL.
export WEBHOOK_ENDPOINT="https://example.com/webhook"
WEBHOOK_ENDPOINT
: The URL of the webhook to which the message will be sent.
WEBHOOK_METHOD
: The HTTP method used to send the message. Defaults to POST.
trivy image -f json debian:12 | trivy notify --providers=webhook
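What a receiver for this provider has to do is parse a types.Report and decide what to act on. The following receiver is an added example written for this page, not the plugin's code or Trivy's: it mirrors only the handful of report fields it needs, caps the body size, accepts POST only (the default WEBHOOK_METHOD), and, because the provider sends no authentication of its own, expects a random token as the last path segment of WEBHOOK_ENDPOINT, compared in constant time. The /webhook/<token> layout, the NOTIFY_WEBHOOK_TOKEN variable, the Summary type and the sample report are all this example's own; the sample report is constructed and its CVE identifiers are placeholders.

```go
package main

import (
	"crypto/subtle"
	"encoding/json"
	"fmt"
	"log"
	"net/http"
	"os"
	"strings"
)

// Report, Result and Vulnerability mirror the subset of
// github.com/aquasecurity/trivy/pkg/types.Report this example needs. Field names
// match Trivy's JSON output; the real structs carry many more fields, which the
// decoder ignores.
type Report struct {
	ArtifactName string   `json:"ArtifactName"`
	Results      []Result `json:"Results"`
}

type Result struct {
	Target          string          `json:"Target"`
	Vulnerabilities []Vulnerability `json:"Vulnerabilities"`
}

type Vulnerability struct {
	VulnerabilityID string `json:"VulnerabilityID"`
	PkgName         string `json:"PkgName"`
	FixedVersion    string `json:"FixedVersion"`
	Severity        string `json:"Severity"`
}

// Summary is what the receiver computes from one report.
type Summary struct {
	Artifact   string
	Total      int
	Fixable    int // findings with a FixedVersion, i.e. an upgrade exists
	BySeverity map[string]int
}

// Summarize counts findings across every result in the report.
func Summarize(r Report) Summary {
	s := Summary{Artifact: r.ArtifactName, BySeverity: map[string]int{}}
	for _, res := range r.Results {
		for _, v := range res.Vulnerabilities {
			s.Total++
			s.BySeverity[strings.ToUpper(v.Severity)]++
			if v.FixedVersion != "" {
				s.Fixable++
			}
		}
	}
	return s
}

// SummarizeJSON decodes a raw report body and summarises it.
func SummarizeJSON(body []byte) (Summary, error) {
	var r Report
	if err := json.Unmarshal(body, &r); err != nil {
		return Summary{}, err
	}
	return Summarize(r), nil
}

// maxBody caps the request body: a report for a large image runs to a few
// megabytes, and an unbounded body is an easy way to exhaust the receiver.
const maxBody = 16 << 20

// NewHandler serves POST /webhook/<token>. The token in the path is the only
// secret the plugin can present; it is compared in constant time and a wrong
// token gets the same 404 as an unknown path.
func NewHandler(token string) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
		if req.Method != http.MethodPost {
			http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
			return
		}
		const prefix = "/webhook/"
		if !strings.HasPrefix(req.URL.Path, prefix) ||
			subtle.ConstantTimeCompare([]byte(strings.TrimPrefix(req.URL.Path, prefix)), []byte(token)) != 1 {
			http.NotFound(w, req)
			return
		}
		var r Report
		if err := json.NewDecoder(http.MaxBytesReader(w, req.Body, maxBody)).Decode(&r); err != nil {
			http.Error(w, "cannot decode report: "+err.Error(), http.StatusBadRequest)
			return
		}
		w.Header().Set("Content-Type", "application/json")
		json.NewEncoder(w).Encode(Summarize(r))
	})
}

// SampleReportJSON is a constructed, cut-down report in the shape trivy -f json
// produces; the CVE identifiers are placeholders, not real advisories.
const SampleReportJSON = `{"SchemaVersion":2,"ArtifactName":"debian:12","Results":[{"Target":"debian:12 (debian 12)","Vulnerabilities":[{"VulnerabilityID":"CVE-0000-0001","PkgName":"libfoo","InstalledVersion":"1.0-1","FixedVersion":"1.0-2","Severity":"CRITICAL"},{"VulnerabilityID":"CVE-0000-0002","PkgName":"libbar","InstalledVersion":"2.3","FixedVersion":"2.4","Severity":"HIGH"},{"VulnerabilityID":"CVE-0000-0003","PkgName":"libbaz","InstalledVersion":"0.9","Severity":"LOW"}]}]}`

func main() {
	s, err := SummarizeJSON([]byte(SampleReportJSON))
	if err != nil {
		log.Fatal(err)
	}
	fmt.Printf("%s: %d findings, %d fixable, by severity %v\n", s.Artifact, s.Total, s.Fixable, s.BySeverity)
	// NOTIFY_WEBHOOK_TOKEN is this example's own secret, not a plugin setting.
	if token := os.Getenv("NOTIFY_WEBHOOK_TOKEN"); token != "" {
		fmt.Println("listening on :8080; set WEBHOOK_ENDPOINT=http://<host>:8080/webhook/" + token)
		log.Fatal(http.ListenAndServe(":8080", NewHandler(token)))
	}
}
```

With NOTIFY_WEBHOOK_TOKEN set, point WEBHOOK_ENDPOINT at the printed URL and run the pipe example above; the receiver answers with the severity breakdown. Behind a TLS-terminating proxy the token travels only inside the encrypted request line, which is why the example insists on https:// for anything beyond localhost.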
- Create a CI/CD variable called
TRIVY_SLACK_WEBHOOK
holding the URL of the Slack Incoming Webhook to which the message will be sent. Mark it masked so the URL never appears in job logs, and protected if the schedule runs on a protected branch.
security-scanning:
  stage: cronjobs
  image:
    name: docker.io/aquasec/trivy:latest   # pin a release tag instead of latest for reproducible scans
    entrypoint: [""]
  cache:
    paths:
      - .trivycache/
  rules:
    - if: '$CI_PIPELINE_SOURCE == "schedule"'
      when: always
    - if: '$CI_PIPELINE_SOURCE != "schedule"'
      when: never
  script:
    - trivy plugin install github.com/madflow/trivy-plugin-notify
    # secret findings are scanned, but the slack provider currently reports only vuln results
    - trivy repo --format json --scanners vuln,secret -o plugin=notify --output-plugin-arg "--providers=slack" .
  variables:
    SLACK_WEBHOOK: $TRIVY_SLACK_WEBHOOK
    # without this the cache entry above caches nothing: Trivy writes to ~/.cache/trivy by default
    TRIVY_CACHE_DIR: .trivycache/
    TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db,aquasec/trivy-db,ghcr.io/aquasecurity/trivy-db
    TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db,aquasec/trivy-java-db,ghcr.io/aquasecurity/trivy-java-db