Today’s engineering teams rely on an ecosystem of tools, from CI/CD pipelines, to ticketing systems, messaging apps, monitoring systems, and more. With so many different tools, integration and automation are essential to ensure that information is shared across tools and teams and that manual bottlenecks to critical development processes are eliminated.
That's why our Action Providers feature is so important: it gives you a lightweight way to trigger automated responses whenever a container image is updated or a vulnerability is fixed. Whether you're notifying your team on Slack or kicking off a security scan via webhook, Action Providers let you act on change, rather than being overwhelmed by it.
Action Providers are integration points within our platform that allow users to define automated workflows in response to when a new image is released or when a vulnerability is fixed. As we’re constantly monitoring and acting on over 10,000 projects that make up all your images, these update events occur frequently.
Think of them as event-driven hooks, scoped and structured to ensure your container images are consistently at the highest update level.
Action Providers integrate with the tools your team already uses, enabling automation across your entire ecosystem. They help you get the right information to the right people at the right time, while eliminating annoying, repetitive tasks. With Action Providers, you can define workflows based on your own business logic, keeping your team focused on what matters most.
Using Action Providers helps your team respond to changes in your container ecosystem quickly, consistently, and efficiently. Action Providers can be used to:
There are many different providers in our platform, including GitHub Actions, Slack, Email, and Webhook. You can trigger workflows with these providers, or use them to keep people informed. GitHub Actions are very popular, and our native integration means that OAuth is covered. With our Slack integration, we can automatically let teams know when something has changed or even trigger additional workflows you already have with Slack apps.
Don’t see your provider in Minimus? Don’t worry: Email and webhook allow us to integrate with other workflow tools and beyond. Want to send an update to Zulip? Use emails to an email bridge or webhook. Need to trigger a workflow in a system we don’t natively support (yet)? Our webhook should have you covered.
To make use of our Action Providers, you need to set up rules. These are the rules that will trigger when the appropriate event occurs. You can set up multiple actions for multiple images to fully customize your response requirements.
Let’s walk through a couple of real-world scenarios where Action Providers shine:
Keep your SRE team informed when a new version of a base image is published, and respond before vulnerabilities reach production.
Example:
An updated base image triggers a Slack notification to #platform-alerts, prompting a security engineer to review and approve a downstream deployment.
Use a webhook to trigger a GitHub Action that runs a compliance check or kicks off a deployment once an image is verified.
Example: An image digest update sends a webhook to a GitHub repo, triggering a workflow that runs Trivy for vulnerability scanning, then deploys if the scan passes.
What is actually sent when an Action Rule is triggered? Here is an example webhook payload:
{
"actionName": "Example Alert",
"eventType": "newImageVersion",
"eventTime": "2025-04-10T00:28:59.037085531Z",
"imageDetails": {
"name": "mongo",
"tags": [
"7.0.18-dev-202504100027",
"7-dev",
"7.0.18-dev",
"7.0-dev"
],
"digest": "sha256:9c45497ff4b8217571e8ae5298719b4912b304617dc6f28db5a4053d3bdc44dc",
"labels": [
"databases"
],
"link": "images.minimus.io/gallery/images/mongo/lines/7.0/versions/7.0.18-dev/specification"
}
}
As you can see, this payload contains rich data. Meaning you could easily customize further, beyond all our built-in customization rules, to trigger workflows tailored to your environment.
It only takes two minutes to set up your first Action Provider. Navigate to the Actions section in the dashboard and select “Create Action”.
Please note: Actions are only available to our subscribed Organizational users, not users on single, personal accounts.
As you populate each field, more relevant refinement options will appear and guide you through setting up the action. The final step in setting up your action is to use the test function.
For full documentation, visit https://docs.minimus.io/remediate/actions.
We believe that our customers are now well covered with Action Providers. Our email and webhook providers should be able to cover any outliers. That being said, we’re building Action Providers to be as flexible and user-friendly as the rest of the Minimus platform, and your feedback shapes what comes next.
By turning image events into actionable triggers, Action Providers make it easier to stay ahead of change and keep your systems secure, informed, and responsive.
Log in to Minimus to set up your first Action Provider. If you’re not yet making use of our Organization-level subscription, contact us for a full demo of our enterprise features.
