Vulnerability Management Policy Alerts

Vulnerability Management policies let you evaluate scanned assets and enforce compliance requirements and best practices, focusing on vulnerabilities and other risks associated with images. You can create alerts to trigger upon a failure of a Vulnerability Management policy and send a notification to a configured Notification Channel.

Supported Notification Channels

Sysdig scans regularly throughout the day. Rescans of images will therefore likely occur multiple times daily and continue throughout the image's lifecycle. To avoid alert fatigue, align the type of policy alerting with the appropriate notification channel. As a best practice, set up a test channel first and check that the volume and content of alerts are appropriate before connecting to live channels such as production Slack.

Silence Periods

A Silence Period prevents repeated alerts for the same resource and policy combination. This helps reduce alert fatigue and ensures notifications remain actionable.
Available silence period options:

  • 15 Minutes
  • 1 Hour
  • 6 Hours
  • 24 Hours

Alert Configuration Guidelines

  • Scope carefully: Consider both the number of images and workloads a policy applies to, as well as the constraints of attached rules. Both factors will influence the alert volume.
  • Use silence periods: Set an appropriate silence period to control alert frequency for repeated failures on the same resource and policy. No new alert will be generated for that combination during the silence window.
  • Start with a test channel: Always configure a test notification channel to observe alert volume and adjust your policy or silence periods as needed before activating notifications in production.
  • Review policy and rule complexity: More permissive or broader-scoped rules may trigger more frequent alerts; fine-tune policies and rules to balance security needs with operational practicality.
  • Document your alerting workflow: Ensure your team knows which channels are in use and how to respond to policy alerts for compliance or remediation.
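
The silence period behaviour described under Silence Periods and in the "Use silence periods" guideline, as an added example that is not Sysdig code: a small simulation for estimating alert volume per silence period before connecting a live channel. The rescan interval, image names and policy names are constructed, and it assumes the silence window starts when a notification is sent and is not extended by suppressed failures.

```python
from datetime import datetime, timedelta

# The four silence period options listed on this page.
SILENCE_PERIODS = {
    "15 Minutes": timedelta(minutes=15),
    "1 Hour": timedelta(hours=1),
    "6 Hours": timedelta(hours=6),
    "24 Hours": timedelta(hours=24),
}


def alerts_sent(failures, silence):
    """Return the policy failures that would produce a notification.

    failures: iterable of (timestamp, resource, policy) tuples, in any order.
    Assumption: a failure is suppressed if a notification for the same
    (resource, policy) combination was sent less than `silence` ago.
    """
    last_sent = {}  # (resource, policy) -> time of last notification
    sent = []
    for ts, resource, policy in sorted(failures):
        key = (resource, policy)
        previous = last_sent.get(key)
        if previous is None or ts - previous >= silence:
            last_sent[key] = ts
            sent.append((ts, resource, policy))
    return sent


def build_sample_failures(start, rescans=48, interval=timedelta(minutes=30)):
    """Constructed sample: three failing image/policy combinations,
    each failing again on every rescan for 24 hours."""
    failing = [("img-a", "policy-1"), ("img-a", "policy-2"), ("img-b", "policy-1")]
    return [(start + i * interval, r, p) for i in range(rescans) for r, p in failing]


def volume_by_silence_period(failures):
    """Number of notifications each silence period option would let through."""
    return {name: len(alerts_sent(failures, window))
            for name, window in SILENCE_PERIODS.items()}


if __name__ == "__main__":
    sample = build_sample_failures(datetime(2024, 1, 1))
    for name, count in volume_by_silence_period(sample).items():
        print(f"{name:>10}: {count} notifications from {len(sample)} failures")
```

Replacing the constructed sample with timestamps of real policy failures observed on a test channel gives a volume estimate for each option.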

Create a Policy Alert

  1. Set up a supported notification channel, such as Email or Slack.
  2. On the Vulnerabilities Policies page, select a desired Pipeline or Runtime policy.
  3. On the Edit Policy screen, under Notifications, specify the following:
       • Enable Notification by using the toggle.
       • Frequency: Specify the frequency of notifications for failed policies. This is the silence period during which no additional notification will be generated.
       • Channel: Select a notification channel.