Skip to content

celo-org/socket-exporter

BranchesTags

Repository files navigation

socket-dev-exporter

A simple Prometheus exporter to expose Socket.dev scores for the latest versions of @celo NPM packages written in go.

This exporter exposes metrics in port 9101, path /metrics, with the following format:

# HELP socket_score Shows socket.dev packages scores
# TYPE socket_score gauge
socket_score{package="@celo/0x-contracts",score="license",version="2.1.2-0.0"} 0.8629757195290285
socket_score{package="@celo/0x-contracts",score="maintenance",version="2.1.2-0.0"} 0.6968453019359488
socket_score{package="@celo/0x-contracts",score="miscellaneous",version="2.1.2-0.0"} 0
socket_score{package="@celo/0x-contracts",score="quality",version="2.1.2-0.0"} 0.6410426253533731
socket_score{package="@celo/0x-contracts",score="supplychainrisk",version="2.1.2-0.0"} 0.39592272547306173
socket_score{package="@celo/0x-contracts",score="vulnerability",version="2.1.2-0.0"} 0.25
# HELP npm_download_count NPM package download count for a given day
# TYPE npm_download_count gauge
npm_download_count{date="2024-02-18",package="@celo/0x-contracts"} 180
...

Configuration

3 environmental variables are available to configure this exporter:

  • API_TOKEN (REQUIRED): A Socket.dev API token.
  • LOG_LEVEL: The Logrus log level. If not set, defaults to info.
  • PERIOD: The period to refresh the Socket.dev scores, in hours. If not set, defaults to 24.
  • TIMEOUT: The timeout for requests to Socket.dev, in seconds. If not set, defaults to 15.
  • RETRIES: The number of retries for requests to Socket.dev. If not set, defaults to 5.
  • MAX_PACKAGES: The maximum number of packages to fetch metrics for. If not set, limit is removed and all packages processed.

Tests

Tests can be found in main_tests.go.

CI/CD

The CI/CD pipeline is defined as GitHub Action workflow with the following jobs:

  • With each PR, commit to main or release the code will be built and tested.
  • With each PR, a Docker image will be pushed to us-west1-docker.pkg.dev/devopsre/dev-images/socket-exporter with tag test.
  • With each commit to main, a Docker image will be pushed to us-west1-docker.pkg.dev/devopsre/socket-exporter/socket-exporter with tag latest.
  • With each release, a Docker image will be pushed to us-west1-docker.pkg.dev/devopsre/socket-exporter/socket-exporter with the same tag as the release tag.

The Dockerfile for building the Docker image can be found here.

About

No description, website, or topics provided.

Resources

Readme

License

MIT license

Code of conduct

Code of conduct

Security policy

Security policy
Activity
Custom properties

Stars

0 stars

Watchers

4 watching

Forks

1 fork
Report repository

Releases 4

v0.1.0 Latest
Jan 19, 2024
+ 3 releases

Packages

No packages published

Contributors 5

Languages