Commit a4b06c1

Update README
1 parent 78806e2 commit a4b06c1

1 file changed

+56
-0
lines changed

README.md

Lines changed: 56 additions & 0 deletions
@@ -15,3 +15,59 @@ $ cp .envrc.sample .envrc
1515
|----|-------|-----------|
1616
|AWS_API_INTERVAL|300|Duration time to call AWS API (in seconds)|
1717
|IMAGE_TAGS|""|Image Tags of the scan target, separated by comma|
18+
19+
## How to run
20+
21+
### Local
22+
23+
```
24+
$ go run main.go
25+
```
26+
27+
### Binary
28+
29+
Get the binary file from [Releases](https://github.com/chaspy/aws-ecr-image-scan-findings-prometheus-exporter/releases) and run it.
30+
31+
### Docker
32+
33+
```
34+
$ docker run chaspy/aws-ecr-image-scan-findings-prometheus-exporter:v0.1.0
35+
```
36+
37+
## Metrics
38+
39+
```
40+
$ curl -s localhost:8080/metrics | grep aws_custom_ecr_image_scan_findings
41+
# HELP aws_custom_ecr_image_scan_findings ECR Image Scan Findings
42+
# TYPE aws_custom_ecr_image_scan_findings gauge
43+
aws_custom_ecr_image_scan_findings{CVSS2_SCORE="9.3",CVSS2_VECTOR="AV:N/AC:M/Au:N/C:C/I:C/A:C",image_tag="production",name="CVE-2019-2201",package_name="1:1.5.2-2",package_version="1:1.5.2-2",repo_name="rails",severity="LOW"} 1
44+
aws_custom_ecr_image_scan_findings{CVSS2_SCORE="9.3",CVSS2_VECTOR="AV:N/AC:M/Au:N/C:C/I:C/A:C",image_tag="production",name="CVE-2019-2201",package_name="1:1.5.2-2",package_version="1:1.5.2-2",repo_name="nginx",severity="LOW"} 1
45+
aws_custom_ecr_image_scan_findings{CVSS2_SCORE="9.3",CVSS2_VECTOR="AV:N/AC:M/Au:N/C:C/I:C/A:C",image_tag="develop",name="CVE-2020-8174",package_name="10.23.0-1nodesource1",package_version="10.23.0-1nodesource1",repo_name="api",severity="CRITICAL"} 1
46+
aws_custom_ecr_image_scan_findings{CVSS2_SCORE="9.3",CVSS2_VECTOR="AV:N/AC:M/Au:N/C:C/I:C/A:C",image_tag="develop",name="CVE-2020-8174",package_name="4.8.2~dfsg-1",package_version="4.8.2~dfsg-1",repo_name="example",severity="CRITICAL"} 1
47+
```
48+
49+
## IAM Role
50+
51+
The following policy must be attached to the AWS role to be executed.
52+
53+
```json
54+
{
55+
"Version": "2012-10-17",
56+
"Statement": [
57+
{
58+
"Sid": "VisualEditor0",
59+
"Effect": "Allow",
60+
"Action": [
61+
"ecr:DescribeRepositories",
62+
"ecr:DescribeImageScanFindings",
63+
],
64+
"Resource": "*"
65+
}
66+
]
67+
}
68+
```
69+
70+
## Datadog Autodiscovery
71+
72+
If you use Datadog, you can use [Kubernetes Integration Autodiscovery](https://docs.datadoghq.com/agent/kubernetes/integrations/?tab=kubernetes) feature.
73+
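Review bot: The IAM policy block is not valid JSON: the `Action` array ends with a trailing comma after `"ecr:DescribeImageScanFindings",` so the policy will be rejected when pasted as written; drop that comma. In the same block, `"Resource": "*"` allows both read actions on every repository in the account, so consider showing a repository ARN there for users who only scan some repositories, and replace the generated `"Sid": "VisualEditor0"` with a descriptive one. In the Metrics sample, every line has `package_name` identical to `package_version`, and `CVSS2_SCORE="9.3"` appears next to `severity="LOW"`; confirm whether that is placeholder output or a labelling bug before documenting it. The Docker example also runs the image without publishing a port or passing AWS credentials, while the Metrics section curls `localhost:8080`, so it would help to show the `-p` mapping and how credentials and the environment variables from the table above reach the container.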
