aws-ecr-image-scan-findings-prometheus-exporter

command module
v0.1.4 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 2, 2023 License: MIT Imports: 14 Imported by: 0

README

aws-ecr-image-scan-findings-prometheus-exporter

Prometheus Exporter for ECR Image Scan Findings

Preparation

Copy .envrc.sample to .envrc and load them.

$ cp .envrc.sample .envrc
# edit it if needed
# source .envrc
name default required description
AWS_API_INTERVAL 300 false Duration time to call AWS API (in seconds)
IMAGE_TAGS - true Image Tags of the scan target, separated by comma

How to run

Local
$ go run main.go
Binary

Get the binary file from Releases and run it.

Docker
$ docker run chaspy/aws-ecr-image-scan-findings-prometheus-exporter:v0.1.0

Metrics

$ curl -s localhost:8080/metrics | grep aws_custom_ecr_image_scan_findings
# HELP aws_custom_ecr_image_scan_findings ECR Image Scan Findings
# TYPE aws_custom_ecr_image_scan_findings gauge
aws_custom_ecr_image_scan_findings{CVSS2_SCORE="9.3",CVSS2_VECTOR="AV:N/AC:M/Au:N/C:C/I:C/A:C",image_tag="production",name="CVE-2019-2201",package_name="1:1.5.2-2",package_version="1:1.5.2-2",repo_name="rails",severity="LOW"} 1
aws_custom_ecr_image_scan_findings{CVSS2_SCORE="9.3",CVSS2_VECTOR="AV:N/AC:M/Au:N/C:C/I:C/A:C",image_tag="production",name="CVE-2019-2201",package_name="1:1.5.2-2",package_version="1:1.5.2-2",repo_name="nginx",severity="LOW"} 1
aws_custom_ecr_image_scan_findings{CVSS2_SCORE="9.3",CVSS2_VECTOR="AV:N/AC:M/Au:N/C:C/I:C/A:C",image_tag="develop",name="CVE-2020-8174",package_name="10.23.0-1nodesource1",package_version="10.23.0-1nodesource1",repo_name="api",severity="CRITICAL"} 1
aws_custom_ecr_image_scan_findings{CVSS2_SCORE="9.3",CVSS2_VECTOR="AV:N/AC:M/Au:N/C:C/I:C/A:C",image_tag="develop",name="CVE-2020-8174",package_name="4.8.2~dfsg-1",package_version="4.8.2~dfsg-1",repo_name="example",severity="CRITICAL"} 1

IAM Role

The following policy must be attached to the AWS role to be executed.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "ecr:DescribeRepositories",
                "ecr:DescribeImageScanFindings",
            ],
            "Resource": "*"
        }
    ]
}

Datadog Autodiscovery

If you use Datadog, you can use Kubernetes Integration Autodiscovery feature.

Documentation

The Go Gopher

There is no documentation for this package.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.