quay.io exporter
quay-exporter
is a daemon exposing information about your quay.io
repositories as Prometheus metrics. Those metrics can be then used to monitor
the number and severity of vulnerabilities present in the docker images
published in that service.
Install Instructions
Compiling from sources
To run the daemon locally, use:
$ go get github.com/dlespiau/quay-exporter
$ quay-exporter weaveworks
quay-exporter
can access private repositories when provided with an OAUTH 2
bearer token using the -quay-token
command line parameter.
Using the Docker image
Using quay-expoter
from the published Docker image is one command away:
docker run -p 8080:8080 quay.io/damien.lespiau/quay-exporter weaveworks
Deploying on Kubernetes
A sample Deployment manifest is provided to deploy quay-exporter
on a
Kubernetes cluster:
kubectl -n monitoring apply -f quay-exporter-deploy.yaml
Visualize Metrics
To view the available metrics, point your browser at http://localhost:8080/metrics/
:
quay_vulnerabilities{organization="weaveworks",os="debian:9",repository="build-golang",severity="critical"} 7
The latest tag of weaveworks/build-golang
is running a Debian 9 image with
7 known critical vulnerabilities. Fortunately, build-golang
is only used for
building containers images, not running services! Also rebuilding the image
will update the packages in the base image, which will fix the known
vulnerabilities.
Troubleshooting
One can find more information about what the daemon is doing by increasing the log level:
$ quay-exporter -log-level debug weaveworks