Merge pull request #17 from becitsthere/master
Update API to read workload scan results.
becitsthere authored Jan 31, 2020
2 parents 1f7ca1e + 83cf555 commit 758b931
Showing 2 changed files with 18 additions and 28 deletions.
4 changes: 2 additions & 2 deletions README.md
Expand Up @@ -78,5 +78,5 @@ $ kubectl create -f prometheus.yml
$ sudo docker run -d -p 3000:3000 --name grafana grafana/grafana
```
- After deployed Grafana, open browser and go to: [grafana_host:3000] (example: localhost:3000)
- Login and add Prometheus source, find the `+` on the left bar, select `Import`
- Upload NeuVector dashboard templet JSON file.
- Login and add Prometheus data source from Configurations -> Data Sources
- find the `+` on the left bar, select `Import`. Upload NeuVector dashboard templet JSON file.
42 changes: 16 additions & 26 deletions nv_exporter.py
Expand Up @@ -219,48 +219,44 @@ def collect(self):
metric = Metric('nv_image_vulnerability',
'image vulnerability of ' + ep, 'gauge')
for c in json.loads(response.text)['summarys']:
response2 = self.get('/v1/scan/registry' + c['name'] + '/images')
response2 = self.get('/v1/scan/registry/' + c['name'] + '/images')
if response2:
for i in json.loads(response2.text)['images']:
for img in json.loads(response2.text)['images']:
metric.add_sample('nv_image_vulnerabilityHigh',
value=i['high'],
value=img['high'],
labels={
'name': c['name'],
'imageid': i['image_id'],
'name': "%s:%s" % (img['repository'], img['tag']),
'imageid': img['image_id'],
'target': ep
})
metric.add_sample('nv_image_vulnerabilityMedium',
value=i['medium'],
value=img['medium'],
labels={
'name': c['name'],
'imageid': i['image_id'],
'name': "%s:%s" % (img['repository'], img['tag']),
'imageid': img['image_id'],
'target': ep
})
yield metric

# Get container vulnerability
response = self.get('/v1/scan/workload')
response = self.get('/v1/workload?brief=true')
if response:
# Set vulnerability metrics
cvlist = []
metric = Metric('nv_container_vulnerability',
'container vulnerability of ' + ep, 'gauge')
for c in json.loads(response.text)['workloads']:
if c['service'] not in cvlist and c[
'service_mesh_sidecar'] is False and c[
'high'] != 0 and c['medium'] != 0:
if (
"-pod-" not in c['service']
and "default" not in c['service']
) or "-pod-00" in c['service'] or "-v1" in c['service']:
if c['service'] not in cvlist and c['service_mesh_sidecar'] is False:
scan = c['scan_summary']
if scan != None and (scan['high'] != 0 or scan['medium'] != 0):
metric.add_sample('nv_container_vulnerabilityHigh',
value=c['high'],
value=scan['high'],
labels={
'service': c['service'],
'target': ep
})
metric.add_sample('nv_container_vulnerabilityMedium',
value=c['medium'],
value=scan['medium'],
labels={
'service': c['service'],
'target': ep
Expand Down Expand Up @@ -306,13 +302,7 @@ def collect(self):
iwnamelist = []
iidlist = []
for c in json.loads(response.text)['incidents']:
try:
c['workload_name']
except KeyError:
workload_exists = False
else:
workload_exists = True
if workload_exists is True:
if 'workload_name' in c:
itimelist.append(c['reported_timestamp'])
inamelist.append(c['name'])
iwnamelist.append(c['workload_name'])
Expand Down Expand Up @@ -341,7 +331,7 @@ def collect(self):
for c in json.loads(response.text)['violations']:
vtimelist.append(c['reported_timestamp'])
vcnamelist.append(c['client_name'])
vnamelist.append(c['cluster_name'])
vnamelist.append(c['name'])
vsnamelist.append(c['server_name'])
vidlist.append(c['client_id'] + c['server_id'])
for x in range(0, min(5, len(vidlist))):
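Review bot: In the container-vulnerability block, `scan = c['scan_summary']` raises KeyError for any workload entry that lacks the key, while the `scan != None` test on the next line only covers an explicit null; because this runs inside collect(), one such entry would presumably end the scrape and drop every metric after it. Reading it with `scan = c.get('scan_summary')` and testing `if scan is not None and (scan['high'] != 0 or scan['medium'] != 0):` covers both cases and uses the identity comparison PEP 8 asks for. Workloads with no scan summary and workloads with zero findings both emit no sample here, so a dashboard cannot tell "never scanned" from "clean"; a short comment stating that, or a separate gauge, would make the gap visible. collect() starts and ends outside the visible hunks.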
