Table of Content

  • Introduction
  • Steps
  • Reference Links


Postee is a simple message routing application that receives JSON input messages through a webhook interface and delivers them based on rules to a set of collaboration systems, including JIRA, Email, Slack, Microsoft Teams, ServiceNow, Splunk, and Generic WebHook.

The primary use of Postee is to act as a notification component for Aqua Security products. It's extremely useful for sending vulnerability scan results or audit alerts from Aqua Platform to collaboration systems.


1. Go to the  GitHub link and clone it your local system.

git clone

2.  Go to the directory postee

cd postee/

3. Build postee image

docker build -t aquasec/postee:latest .

4. To run Postee as a Docker container, you mount the cfg.yaml to '/config/cfg.yaml' path in the Postee container.

docker run -d --name=postee -v /root/postee/cfg.yaml://config/cfg.yaml -e AQUAALERT_CFG=/config/cfg.yaml -e AQUAALERT_URL= -e       AQUAALERT_TLS= -p 8444:8444 -p 8084:8084 aquasec/postee:latest

5. Sample CFG file to alert on email. 

root@ip-10-0-5-107:~/postee# cat cfg.yaml 
- type: common # Common settings for all plugins
AquaServer: # my aqua openshift url
Max_DB_Size: 1000 # Max size of DB. MB. if empty then unlimited
Delete_Old_Data: 10 # delete data older than N day(s). If empty then we do not delete.
DbVerifyInterval: 1 # hours. an Interval between tests of DB. Default: 1 hour

- name: my-email
type: email
enable: true
user: my smtp user # Mandatory: SMTP user name (e.g.
password: my smtp passwd # Mandatory: SMTP password
host: my smtp host # Mandatory: SMTP host name (e.g.
port: 587 # Mandatory: SMTP server port (e.g. 587)
sender: # Mandatory: The email address to use as a sender
recipients: []
Policy-Min-Vulnerability: low # (what is the minimum vulnerability severity that triggers a ticket)
Policy-Non-Compliant: false # Optional. Open a ticket only if image is non-compliant (true) or in any case (false)

6. When the scanning is triggered at Aqua Console, you will get an email like below.

Postee Container Logs at the same time:

Reference Links: