Prometheus metrics about amount of security issues #719

Closed
NissesSenap opened this issue Sep 23, 2021 Discussed in #425 · 4 comments

Comments

@NissesSenap
Contributor

Discussed in #425

Originally posted by wuestkamp March 11, 2021
Awesome project!
Is there a way to get the summaries from the CRDs like this one:

  Summary:
    Critical Count:  3
    High Count:      7
    Low Count:       2
    Medium Count:    14
    None Count:      0
    Unknown Count:   0

into Prometheus? I guess I could write a custom app which reads the CRD reports and then converts these into Prometheus metrics. Or is there maybe already a general project like that?
Because the operator metrics on 8080/metrics don't include info like that.
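Added example, not part of the original thread and not Starboard code: a sketch of the "custom app" idea above that turns report summaries into Prometheus text exposition lines. The metric name and Prometheus label names are hypothetical; the summary field names and `starboard.*` Kubernetes labels are assumed from the VulnerabilityReport CRD, and the sample report is constructed.

```python
# Constructed sample: trimmed to the fields used below, in the shape returned by
# `kubectl get vulnerabilityreports -A -o json`. Counts are those quoted above.
SAMPLE = {"items": [{
    "metadata": {
        "namespace": "default",
        "labels": {
            "starboard.resource.kind": "Deployment",
            "starboard.resource.name": "nginx",
            "starboard.container.name": "nginx",
        },
    },
    "report": {"summary": {"criticalCount": 3, "highCount": 7, "mediumCount": 14,
                           "lowCount": 2, "unknownCount": 0}},
}]}

METRIC = "example_starboard_vulnerabilities"  # hypothetical metric name
FIELDS = {"criticalCount": "critical", "highCount": "high", "mediumCount": "medium",
          "lowCount": "low", "noneCount": "none", "unknownCount": "unknown"}


def escape_label(value):
    """Escape a label value per the Prometheus text exposition format."""
    return str(value).replace("\\", "\\\\").replace('"', '\\"').replace("\n", "\\n")


def summaries_to_metrics(report_list):
    """Render one gauge sample per (workload container, severity)."""
    lines = [f"# HELP {METRIC} Vulnerabilities per workload container and severity.",
             f"# TYPE {METRIC} gauge"]
    for item in report_list.get("items", []):
        meta = item.get("metadata", {})
        k8s_labels = meta.get("labels", {})
        summary = item.get("report", {}).get("summary", {})
        base = {
            "namespace": meta.get("namespace", ""),
            "resource_kind": k8s_labels.get("starboard.resource.kind", ""),
            "resource_name": k8s_labels.get("starboard.resource.name", ""),
            "container": k8s_labels.get("starboard.container.name", ""),
        }
        for field, severity in FIELDS.items():
            labels = {**base, "severity": severity}
            rendered = ",".join(f'{k}="{escape_label(v)}"' for k, v in labels.items())
            # A count missing from the summary (noneCount here) is exported as 0.
            lines.append(f"{METRIC}{{{rendered}}} {int(summary.get(field, 0))}")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(summaries_to_metrics(SAMPLE), end="")
```

Labelling by workload, container and severity keeps the number of time series bounded by the number of scanned containers. A label per vulnerability ID would grow without bound as new findings appear.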

@wuestkamp

I have been using https://github.com/kaidotdev/kube-trivy-exporter for some time now and it works well.
Not sure if this could help with the goal for Starboard.

@NissesSenap
Contributor Author

Thanks for the tip!

I took a quick read of the kube-trivy-exporter and my understanding is that it uses Trivy and scans the images for you. It's nice but it's a duplicate of what Starboard does - the extra features that Starboard has.
But if you "only" want vulnerability scanning using Trivy it looks like a really good option.

But it looks like a good reference when implementing something similar in Starboard. And who knows, it might be a feature @kaidotdev would be interested in implementing in Starboard as well?

@danielpacak
Contributor

danielpacak commented Sep 28, 2021

👋 @NissesSenap is there any reason why we cannot continue the discussion under #425? Now we have two threads to follow.

In general, a GitHub issue would be a finite task with a well-defined scope so someone can pick it up and implement it.

For Prometheus we should first define the schema and use cases for scraping custom metrics before we write any code. In particular, justify why / whether metrics are a good place for storing vulnerability summaries and how reliable / useful this approach is. Anyway, I suggest we move back to #425 and close this one. WDYT?

@NissesSenap
Contributor Author

Ahh, sorry about that. I guess the main reason is that the discussion thread is marked as answered, so I guess the discussion was over and it was okay to come with an implementation and we would continue the discussion in the PR.
I will close the issue and jump back to #425.
