Prometheus Metrics Endpoint #346
Comments
Nice suggestion. I think this improvement can be done step by step. It is not difficult to add Prometheus metrics endpoint. Welcome PR! |
Hi @knqyf263 , I am new to open source dev although I have had experience working with git extensively and some experience with golang too. So, can I hop on to developing a PR for this issue considering the "good first issue" label? |
Hi @yashvardhan-kukreja, thank you for your interest! Yes, it would be helpful. As a first step, we can just return the database information such as Here is the server mux. You can get the database metadata like the following. |
Hi @knqyf263, sorry, I was caught up with some crucial work for the past month. Now, I am back on this. |
Hi @yashvardhan-kukreja, this is an OSS project, so you don't have to apologize that you don't have time to work on this issue. I'm so grateful for your contribution! AFAIK, we can't delete a PR on GitHub. It is enough to close the PR. |
@knqyf263 , @computeralex92 , I have a few basic doubts with this issue. Please clarify them:
|
@yashvardhan-kukreja First of course thank you for implementing this idea. Regarding your questions:
Correct.
Correct.
No clue, sorry. |
@computeralex92 thanks for the quick and well descriptive reply. It cleared out all the things. |
@computeralex92 @knqyf263 , on ideating upon how to export metrics for On So, here, I was using DBUpdate metric as a counter with "time" as the label. So, basically, for every timestamp, the counter for it will be created. So, basically, if I implement this, then, in trivy, whenever a DB Update occurs, for example at 2020-06-26 14:54:38, then an entry So, with that I believe we would be easily able to fetch the Last DB Update and we can even further plot all the times when DB Update happened and we find something like the So should I go on and implement this and if not then would you like to suggest any other way of storing DB Update metrics and displaying them at /metrics endpoint? |
Hi, nice work so far. If I might, a suggestion from the Prometheus standpoint:
You could still see from the metrics when the updates did happen? PS: you might also want to check the Prometheus guide about naming conventions, but that's probably more cosmetics ;) |
Thanks for the suggestion, @strowi. So, just to confirm, every time a DB Update happens, trivy will just overwrite I hope I am right? |
@yashvardhan-kukreja yes, you will always get the latest unix-timestamp in a single metric which gets overwritten. Otherwise, if the labels change, Prometheus sees this as a somewhat different metric. For example: using a tagged build, you will get a metric for a specific image:
But if you update the image (maybe fixing the vulnerabilities), you create another metric:
If you have an alert on this, you will still get the alerts for the previous image.. Same principle for DB-updates. |
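The two designs discussed above, side by side, as an added example that is not part of the thread or of Trivy's code. It uses only the Go standard library to model how a series is identified by its metric name plus label set; the metric names `trivy_db_update` and `trivy_db_last_update_timestamp_seconds` are hypothetical, since the thread does not show the names used.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
	"time"
)
// Registry is a toy model of series identity: one series per name + label set.
type Registry map[string]int64

// Set writes name{labels}; an unseen label value creates a NEW series.
func (r Registry) Set(name string, labels map[string]string, v int64) {
	parts := make([]string, 0, len(labels))
	for k, val := range labels {
		parts = append(parts, fmt.Sprintf("%s=%q", k, val))
	}
	sort.Strings(parts)
	id := name
	if len(parts) > 0 {
		id += "{" + strings.Join(parts, ",") + "}"
	}
	r[id] = v
}

// Expose renders every series, sorted, in text exposition style.
func (r Registry) Expose() []string {
	out := make([]string, 0, len(r))
	for id, v := range r {
		out = append(out, fmt.Sprintf("%s %d", id, v))
	}
	sort.Strings(out)
	return out
}

// Simulate records the same DB updates under both designs (hypothetical names).
func Simulate(updates []time.Time) (labelled, gauge Registry) {
	labelled, gauge = Registry{}, Registry{}
	for _, t := range updates {
		labelled.Set("trivy_db_update", map[string]string{"time": t.UTC().Format("2006-01-02 15:04:05")}, 1)
		gauge.Set("trivy_db_last_update_timestamp_seconds", nil, t.Unix())
	}
	return labelled, gauge
}

func main() {
	t0 := time.Date(2020, 6, 26, 14, 54, 38, 0, time.UTC) // constructed sample
	l, g := Simulate([]time.Time{t0, t0.Add(12 * time.Hour), t0.Add(24 * time.Hour)})
	fmt.Println(strings.Join(append(l.Expose(), g.Expose()...), "\n"))
}
```

With the timestamp as a label, every update leaves another series behind; the gauge stays a single series whose value is the latest update time, so an alert can compare it directly against `time()`.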
This seems like a fabulous approach to me @strowi , thanks a lot for this. |
@yashvardhan-kukreja It looks fine to me! |
parent 4b57c0d author Simarpreet Singh <simar@linux.com> 1594135002 -0700 committer Yashvardhan Kukreja <yash.kukreja.98@gmail.com> 1597228077 +0530 # This is a combination of 6 commits. 
# This is the 1st commit message: db: Update trivy-db to include CVSS score info (aquasecurity#530) * mod: Update trivy-db to include CVSS score info Signed-off-by: Simarpreet Singh <simar@linux.com> * mod: Update go.mod Signed-off-by: Simarpreet Singh <simar@linux.com> * mod: Update trivy-db to latest Signed-off-by: Simarpreet Singh <simar@linux.com> # This is the commit message aquasecurity#2: Adding contrib/junit.tpl to docker image (aquasecurity#554) # This is the commit message aquasecurity#3: Fixing `Error retrieving template from path` when --format is not template but template is provided (aquasecurity#556) # This is the commit message aquasecurity#4: added: display last db update whenever trivy server is started in trivy client/server setup # This is the commit message aquasecurity#5: Added: entry for prometheus/client_golang package # This is the commit message aquasecurity#6: Added: prometheus metrics endpoint support for Last DB Update and Last DB Update Attempt metric # This is the commit message aquasecurity#7: Added: entry for prometheus/client_golang package # This is the commit message aquasecurity#8: Added: prometheus metrics endpoint support for Last DB Update and Last DB Update Attempt metric # This is the commit message aquasecurity#9: Refactored: Shifted the GaugeVec global var to config.go . Removed unnecessarily repeated vars. 
Added nil check for GaugeVec # This is the commit message aquasecurity#10: Added: Nil GaugeVec Fail check # This is the commit message aquasecurity#11: Added: nil check for metrics registry # This is the commit message aquasecurity#12: Modified: tests with respect to nil metrics registry # This is the commit message aquasecurity#13: Merge with master # This is the commit message aquasecurity#14: Merge branch 'master' into issue-aquasecurity#346 # This is the commit message aquasecurity#15: Resolved merge conflicts # This is the commit message aquasecurity#16: Resolved merge conflicts # This is the commit message aquasecurity#17: feat(vulnerability): add CWE-ID (aquasecurity#561) * chore(mod): update dependency * test(vulnerability): add CweIDs
Hi, I'm very interested in this feature. Cheers, Daniel |
hi guys, what's the status of this? |
Ping! :) |
Ping! :) |
…quasecurity#346) * chore: remove general rules to prepare for tfsec scanner decoupling
hi guys, still no updates on this? :( it would be a really helpful feature! |
We are interested in this too. Maybe one of our Endava Go developers can create a PR for it. |
Ping! :) |
Ping ! |
It is probably not the answer you want, but at the moment we don't have enough maintainers, so we are concentrating our resources on Trivy Operator rather than extending the Trivy server. The operator supports Prometheus. You can use it. We hope for your kind understanding. |
For anyone stumbling on this: I threw together a small bash script that can check all images running in a cluster, and pushed the metrics to a pushgateway. |
In a server / client setup it would be great if Trivy would expose some metrics about the scans that happen with the central server.
Some useful metrics for my implementation:
As Trivy is built to scan Docker images, I would suggest providing such metrics via a Prometheus metrics endpoint, because Prometheus is quite popular in the Docker / Kubernetes community.