Prometheus metrics about amount of security issues
NissesSenap opened this issue · comments
Discussed in #425
Originally posted by wuestkamp March 11, 2021
Awesome project!
Is there a way to get the summaries from the CRDs like this one:
Summary:
  Critical Count: 3
  High Count: 7
  Low Count: 2
  Medium Count: 14
  None Count: 0
  Unknown Count: 0
into Prometheus? I guess I could write a custom app which reads the CRD reports and then converts these into Prometheus metrics. Or is there maybe already a general project like that?
Because the operator metrics on 8080/metrics don't include info like that.
I have been using https://github.com/kaidotdev/kube-trivy-exporter for some time now and it works well.
Not sure if this could help with the goal for Starboard.
Thanks for the tip!
I took a quick read of the kube-trivy-exporter and my understanding is that it uses trivy and scans the images for you. It's nice, but it's a duplicate of what starboard does - the extra features that starboard has.
But if you "only" want vulnerability scanning using trivy, it looks like a really good option.
But it looks like a good reference when implementing something similar in starboard. And who knows, it might be a feature @kaidotdev would be interested in implementing in starboard as well?
👋 @NissesSenap is there any reason why we cannot continue the discussion under #425? Now we have two threads to follow.
In general, a GitHub issue would be a finite task with a well-defined scope so someone can pick it up and implement it.
For Prometheus we should first define a schema and use cases for scraping custom metrics before we write any code. In particular, justify why / whether metrics are a good place for storing vulnerability summaries and how reliable / useful this approach is. Anyway, I suggest we move back to #425 and close this one. WDYT?
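The "custom app" idea from the original question, as an added example that is not code from Starboard or from anyone in this thread: it turns report summaries into Prometheus text exposition format. The metric name and label set are hypothetical, and the `report.summary.*Count` field names are assumed to be the camelCase form of the fields quoted above.

```python
import json

# Constructed sample, shaped like `kubectl get vulnerabilityreports -A -o json`.
# Field names under report.summary are assumed from the "Critical Count" style
# output quoted in the thread (criticalCount, highCount, ...).
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"namespace": "default", "name": "replicaset-nginx-6d4cf56db6-nginx"},
   "report": {"summary": {"criticalCount": 3, "highCount": 7, "mediumCount": 14,
                          "lowCount": 2, "noneCount": 0, "unknownCount": 0}}},
  {"metadata": {"namespace": "dev", "name": "pod-pending-scan"},
   "report": {}}
]}
""")

SEVERITIES = ("critical", "high", "medium", "low", "none", "unknown")
METRIC = "vulnerabilityreport_summary_count"  # hypothetical metric name


def escape_label(value):
    """Escape a label value per the Prometheus text exposition format."""
    return value.replace("\\", "\\\\").replace('"', '\\"').replace("\n", "\\n")


def render_metrics(report_list):
    """Return exposition-format text with one gauge sample per report and severity."""
    lines = [
        f"# HELP {METRIC} Vulnerabilities per report, by severity.",
        f"# TYPE {METRIC} gauge",
    ]
    for item in report_list.get("items", []):
        meta = item.get("metadata", {})
        summary = item.get("report", {}).get("summary")
        if summary is None:
            # No summary yet (scan pending or failed): emit nothing rather than
            # a misleading zero, so alerts can tell "clean" from "not scanned".
            continue
        for sev in SEVERITIES:
            labels = (
                f'namespace="{escape_label(meta.get("namespace", ""))}",'
                f'report="{escape_label(meta.get("name", ""))}",'
                f'severity="{sev}"'
            )
            lines.append(f"{METRIC}{{{labels}}} {int(summary.get(sev + 'Count', 0))}")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(render_metrics(SAMPLE), end="")
```

Each report contributes six series, so the per-report label is the main cardinality cost to weigh when deciding on a schema.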