Expose metrics regarding vulnerabilities in Prometheus exporter
🚀 Feature request
Suggest an idea for dependabot-gitlab
Is there an existing issue for this?
Please search existing issues to avoid creating duplicates
- I have searched the existing issues
Feature description
Hello!
Recently I discovered that there are some Prometheus metrics exposed by dependabot (sidekiq_xxx); however, those are not very useful from a security department's point of view. Would it be possible to add some metrics (of type gauge) regarding vulnerabilities gathered during the last dependabot scan?
It would also be a nice feature to have a metric for when the last scan was completed (so we could monitor if dependabot was not able to perform a scan due to, for example, permission issues).
For example:
vulnerabilities_found{severity="critical", group="some_group", project="some_project"} 3
vulnerabilities_found{severity="high", group="some_group", project="some_project"} 10
last_scan_since_epoch_seconds{group="some_group", project="some_project"} 1667223520
Best regards, Dominik
Edited by George Koltsov
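A sketch of how a monitoring job could consume the metrics proposed in this request, added here as an example; it is not part of the original issue or of dependabot-gitlab. The metric names are the ones suggested above (a proposal, not an existing exporter's output), and the extra sample lines, the `now` value and the 24-hour staleness threshold are constructed assumptions.

```python
import re

# First three lines are from the request; the rest are constructed for the example.
SAMPLE = '''\
vulnerabilities_found{severity="critical", group="some_group", project="some_project"} 3
vulnerabilities_found{severity="high", group="some_group", project="some_project"} 10
last_scan_since_epoch_seconds{group="some_group", project="some_project"} 1667223520
vulnerabilities_found{severity="critical", group="some_group", project="other_project"} 0
last_scan_since_epoch_seconds{group="some_group", project="other_project"} 1667300000
vulnerabilities_found{severity="high", group="some_group", project="never_scanned"} 2
'''

LINE = re.compile(r'^(\w+)\{(.*)\}\s+(\S+)$')   # name{labels} value
LABEL = re.compile(r'(\w+)="([^"]*)"')          # key="value" pairs

def parse(text):
    """Yield (metric_name, labels_dict, value) for each sample line."""
    for raw in text.splitlines():
        raw = raw.strip()
        if not raw or raw.startswith('#'):       # skip blanks and HELP/TYPE comments
            continue
        m = LINE.match(raw)
        if m:
            yield m.group(1), dict(LABEL.findall(m.group(2))), float(m.group(3))

def evaluate(text, now, max_age=86400):
    """Return {(group, project): [findings]} for stale or missing scans and open criticals."""
    last_scan, critical, seen = {}, {}, set()
    for name, labels, value in parse(text):
        key = (labels.get('group'), labels.get('project'))
        seen.add(key)
        if name == 'last_scan_since_epoch_seconds':
            last_scan[key] = value
        elif name == 'vulnerabilities_found' and labels.get('severity') == 'critical':
            critical[key] = value
    findings = {}
    for key in sorted(seen):
        issues = []
        if key not in last_scan:
            issues.append('no_scan_timestamp')   # vulnerabilities reported, scan never recorded
        elif now - last_scan[key] > max_age:
            issues.append('scan_stale')          # e.g. scans failing due to permission issues
        if critical.get(key, 0) > 0:
            issues.append('critical_open')
        if issues:
            findings[key] = issues
    return findings
```

The staleness check is what makes the timestamp metric useful: a vulnerability gauge that stops updating looks identical to a healthy project unless the scan time is compared against the clock.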