Skip to main content

No project description provided

Project description

This package exports the Security Vulnerability Alerts from GitHub for all repositories of an organization as Prometheus metrics.

Usage

Configure API token

You’ll need to provide an access token with scope repo to access the GitHub API. See the GitHub documentation for details.

Start HTTP service

Start the HTTP server like this:

$ GITHUB_AUTHTOKEN=MYTOKEN GITHUB_OWNER=MyGitHubOrgOrUser github_vulnerability_exporter --host=127.0.0.1 --port=9597

Pass --ttl=SECONDS to cache GitHub API results for the given time or -1 to disable (default is 600). Prometheus considers metrics stale after 300s, so that’s the highest scrape_interval one should use. However it’s usually unnecessary to hit the API that often, since the vulnerability alert information does not change that rapidly.

Pass --forked if you want to include forked repositories (not sure if they actually receive vulnerability alerts, though).

Configure Prometheus

scrape_configs:
  - job_name: 'vulnerabilities'
    scrape_interval: 1800s
    static_configs:
      - targets: ['localhost:9597']

We export one metric, a gauge called github_vulnerability_alerts, with labels {repository="MyGitHubOrgOrUser/my-repository-name, status="active|dismissed"}.

Additionally, a ghvuln_scrape_duration_seconds gauge is exported.

CHANGES

1.5.0 (2019-06-07)

  • Add in-memory caching so we don’t have to hit the API on each scrape

1.4.0 (2019-06-07)

  • Support collecting data for repositories of either an organization or a user

1.3.0 (2019-06-07)

  • Make listen host configurable

1.2.0 (2019-06-07)

  • Add status label to differentiate between active and dismissed alerts

1.1.0 (2019-06-07)

  • Allow configuring via environment variables as well as command line parameters

1.0.1 (2019-06-07)

  • Increase repository query batch size.

1.0.0 (2019-06-06)

  • First release.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for github-vulnerability-exporter, version 1.5.0
Filename, size File type Python version Upload date Hashes
Filename, size github_vulnerability_exporter-1.5.0.tar.gz (5.7 kB) File type Source Python version None Upload date Hashes View hashes

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN DigiCert DigiCert EV certificate StatusPage StatusPage Status page