The Harbor Vulnerabilities Prometheus Exporter is a Python script that collects vulnerability information for the latest pushed images in Harbor repositories and generates Prometheus metrics based on the collected data.
- Introduction
- Features
- Installation
- Configuration
- Usage
- Grafana dashboard
- Versioning
- Contributing
- License
Harbor is a container image registry that allows you to store, manage, and secure container images. The Harbor Vulnerabilities Exporter helps you gather vulnerability information for images stored in Harbor repositories and exposes this data as Prometheus metrics, making it easier to monitor security aspects of your images.
- Collects vulnerability information for the latest pushed images in Harbor repositories.
- Exposes vulnerability metrics in Prometheus format.
- Supports parallel processing for improved performance.
- Easily configurable through environment variables.
Clone the repository:
```
git clone https://github.com/NCCloud/harbor-vulnerabilities-exporter.git
cd harbor-vulnerabilities-exporter
```
Install the required Python packages:
```
pip install -r requirements.txt
```
Set up your environment variables as described in the Configuration section.
Alternatively, you can build a Docker image for the harbor-vulnerabilities-exporter using the Dockerfile provided in the root of this repository:
```
docker build -t my-image-tag .
```
You can configure the exporter using environment variables:
- HARBOR_API_URL: API URL of your Harbor instance, for example: 'http://harbor-harbor-harbor-core.harbor/api/v2.0'
- HARBOR_USERNAME: Your Harbor username (optional).
- HARBOR_PASSWORD: Your Harbor password (optional).
- THREADS: Number of parallel threads for API requests (default is 5).
- EXPORTER_PORT: Port for the Prometheus metrics exporter (default is 8000).
- IGNORE_REPOSITORIES: Comma-separated list of projects/repositories to ignore during metrics collection (optional). For example: 'project/repo1,project/repo2'.
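The following is an added example, not the exporter's own code: it shows how the settings above (defaults, optional credentials, the ignore list) and the "latest pushed image" rule can turn Harbor scan summaries into Prometheus text. The metric name, the function names and the sample artifacts are assumptions made for illustration; the sample data is constructed in the shape of Harbor API v2.0 artifact listings that include a scan overview.

```python
import os

SEVERITIES = ("Critical", "High", "Medium", "Low")
METRIC = "example_harbor_image_vulnerabilities"  # hypothetical metric name

def load_config(env=os.environ):
    """Read the variables from the list above, applying the documented defaults."""
    user, password = env.get("HARBOR_USERNAME"), env.get("HARBOR_PASSWORD")
    ignore = env.get("IGNORE_REPOSITORIES", "")
    return {
        "api_url": env["HARBOR_API_URL"].rstrip("/"),  # the only required setting
        "auth": (user, password) if user and password else None,
        "threads": int(env.get("THREADS", "5")),
        "port": int(env.get("EXPORTER_PORT", "8000")),
        "ignore": {r.strip() for r in ignore.split(",") if r.strip()},
    }

def latest_pushed(artifacts):
    """Newest artifact by push_time (same-format UTC ISO 8601 strings sort lexically)."""
    return max(artifacts, key=lambda a: a["push_time"], default=None)

def severity_counts(artifact):
    """Per-severity counts from the first scan report; an unscanned image yields zeros."""
    report = next(iter((artifact.get("scan_overview") or {}).values()), {})
    found = (report.get("summary") or {}).get("summary") or {}
    return {sev: int(found.get(sev, 0)) for sev in SEVERITIES}

def render_metrics(repos, ignore):
    """Prometheus text exposition for the latest image of each repository not ignored."""
    lines = [f"# TYPE {METRIC} gauge"]
    for name in sorted(repos):
        newest = latest_pushed(repos[name])
        if name in ignore or newest is None:  # skip ignored and empty repositories
            continue
        for sev, count in severity_counts(newest).items():
            lines.append(f'{METRIC}{{repository="{name}",severity="{sev}"}} {count}')
    return "\n".join(lines) + "\n"

REPORT = "application/vnd.security.vulnerability.report; version=1.1"
SAMPLE = {  # constructed sample data, not real scan results
    "project/api": [
        {"push_time": "2024-01-10T08:00:00.000Z",
         "scan_overview": {REPORT: {"summary": {"summary": {"Critical": 4, "High": 5}}}}},
        {"push_time": "2024-03-02T09:30:00.000Z",
         "scan_overview": {REPORT: {"summary": {"summary": {"High": 1, "Medium": 2}}}}},
    ],
    "project/repo1": [{"push_time": "2024-02-01T00:00:00.000Z", "scan_overview": None}],
    "project/empty": [],
}
```

Only the image pushed on 2024-03-02 contributes to the `project/api` series, so the four Critical findings of the older image are not reported once a newer image has been pushed.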
Run the exporter using the following command:
```
export HARBOR_API_URL='http://your-harbor-endpoint'
python3 exporter.py
```
or using the container image:
```
docker run -e HARBOR_API_URL='http://your-harbor-endpoint' -p 8000:8000 my-image-tag
```
Helm must be installed to use the charts. Please refer to Helm's documentation to get started.
Once Helm has been set up correctly, add the repo as follows:
```
helm repo add nccloud https://nccloud.github.io/charts
```
If you had already added this repo earlier, run `helm repo update` to retrieve the latest versions of the packages.
You can then run `helm search repo nccloud` to see the charts.
To install the exporter chart:
```
helm install harbor-vulnerabilities-exporter nccloud/harbor-vulnerabilities-exporter
```
See values for details.
The source code of the dashboard is included in the repository. Here is an example of how it may look:
We use SemVer for versioning. To see the available versions, check tags in this repository.
We welcome contributions, issues, and feature requests! Also, please refer to our contribution guidelines for details.
All functionality is in beta and is subject to change. The code is provided as-is with no warranties.
Apache 2.0 License
Made with ♥ by Namecheap Cloud Team