aws-ecr-image-scan-findings-prometheus-exporter

command module
v0.1.5
Published: Jul 2, 2023 License: MIT Imports: 14 Imported by: 0

Prometheus Exporter for ECR Image Scan Findings

Preparation

Copy .envrc.sample to .envrc and load it.

$ cp .envrc.sample .envrc
# edit it if needed
$ source .envrc

| name | default | required | description |
|---|---|---|---|
| AWS_API_INTERVAL | 300 | false | Interval between AWS API calls (in seconds) |
| IMAGE_TAGS | - | true | Image tags of the scan target, separated by commas |

How to run

Local

$ go run main.go

Binary

Get the binary file from Releases and run it.

Docker

$ docker run chaspy/aws-ecr-image-scan-findings-prometheus-exporter:v0.1.0

Metrics

$ curl -s localhost:8080/metrics | grep aws_custom_ecr_image_scan_findings
# HELP aws_custom_ecr_image_scan_findings ECR Image Scan Findings
# TYPE aws_custom_ecr_image_scan_findings gauge
aws_custom_ecr_image_scan_findings{CVSS2_SCORE="9.3",CVSS2_VECTOR="AV:N/AC:M/Au:N/C:C/I:C/A:C",image_tag="production",name="CVE-2019-2201",package_name="1:1.5.2-2",package_version="1:1.5.2-2",repo_name="rails",severity="LOW"} 1
aws_custom_ecr_image_scan_findings{CVSS2_SCORE="9.3",CVSS2_VECTOR="AV:N/AC:M/Au:N/C:C/I:C/A:C",image_tag="production",name="CVE-2019-2201",package_name="1:1.5.2-2",package_version="1:1.5.2-2",repo_name="nginx",severity="LOW"} 1
aws_custom_ecr_image_scan_findings{CVSS2_SCORE="9.3",CVSS2_VECTOR="AV:N/AC:M/Au:N/C:C/I:C/A:C",image_tag="develop",name="CVE-2020-8174",package_name="10.23.0-1nodesource1",package_version="10.23.0-1nodesource1",repo_name="api",severity="CRITICAL"} 1
aws_custom_ecr_image_scan_findings{CVSS2_SCORE="9.3",CVSS2_VECTOR="AV:N/AC:M/Au:N/C:C/I:C/A:C",image_tag="develop",name="CVE-2020-8174",package_name="4.8.2~dfsg-1",package_version="4.8.2~dfsg-1",repo_name="example",severity="CRITICAL"} 1
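
As an added example (not part of the exporter's own code), this Go program parses output in the format shown above and groups the findings of a chosen severity by image, the kind of check a pipeline or triage script could run against the /metrics endpoint. The sample text is constructed from the output above with fewer labels, and `ParseFindings` and `Blocking` are hypothetical helper names.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Constructed sample in the exporter's output format (label set shortened).
const sample = `# TYPE aws_custom_ecr_image_scan_findings gauge
aws_custom_ecr_image_scan_findings{image_tag="production",name="CVE-2019-2201",repo_name="rails",severity="LOW"} 1
aws_custom_ecr_image_scan_findings{image_tag="develop",name="CVE-2020-8174",repo_name="api",severity="CRITICAL"} 1
aws_custom_ecr_image_scan_findings{image_tag="develop",name="CVE-2020-8174",repo_name="example",severity="CRITICAL"} 1
unrelated_metric{severity="CRITICAL"} 1
`

// labelRe matches one key="value" label pair, allowing escaped characters in the value.
var labelRe = regexp.MustCompile(`([A-Za-z_][A-Za-z0-9_]*)="((?:[^"\\]|\\.)*)"`)

// ParseFindings returns the label set of each finding, skipping comments and other metrics.
func ParseFindings(text string) []map[string]string {
	var out []map[string]string
	for _, line := range strings.Split(text, "\n") {
		if !strings.HasPrefix(line, "aws_custom_ecr_image_scan_findings{") {
			continue
		}
		l := map[string]string{}
		for _, m := range labelRe.FindAllStringSubmatch(line, -1) {
			l[m[1]] = m[2]
		}
		out = append(out, l)
	}
	return out
}

// Blocking groups CVE ids by "repo:tag" for findings at the given severity.
func Blocking(fs []map[string]string, severity string) map[string][]string {
	res := map[string][]string{}
	for _, f := range fs {
		if f["severity"] == severity {
			res[f["repo_name"]+":"+f["image_tag"]] = append(res[f["repo_name"]+":"+f["image_tag"]], f["name"])
		}
	}
	return res
}

func main() {
	fmt.Println(Blocking(ParseFindings(sample), "CRITICAL"))
}
```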

IAM Role

The following policy must be attached to the AWS IAM role that runs the exporter.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "ecr:DescribeRepositories",
                "ecr:DescribeImageScanFindings"
            ],
            "Resource": "*"
        }
    ]
}

Datadog Autodiscovery

If you use Datadog, you can use the Kubernetes Integration Autodiscovery feature.
