liatrio/liatrio-otel-collector

Add GHAS security vulnerability counts to Git Provider Receiver

Closed this issue · 1 comments

Overview

Add a metric for the number of GHAS-identified security vulnerabilities. This should be achievable through a GraphQL query and incorporated into the GitHub scraper.

A quick vulnerability count per repository GraphQL query could mirror what is below but requires some TLC.

query getRepo($name: String!, $owner: String!){
  repository(name: $name, owner: $owner) {
    id
    vulnerabilityAlerts(first: 100) {
      edges {
        node {
          id
        }
      }
    }
  }
}

Things to note:

  • This would only be for the GitHub scraper. This may be difficult, as it may require a metadata.yaml within the scraper, but that may not be supported by the way we've written the code and might require some refactoring.
  • The metric should be disabled by default, requiring the config feature flag.
  • Attributes should be attached which include repo name, severity, and CVE number (maybe).


This should be attached to a new milestone focused around engineering defaults & opinions. Will do that later.
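A sketch of how the query in the issue could become a per-severity count, added here as an example and not taken from the liatrio-otel-collector code base. It assumes the query is extended with `pageInfo` and `securityVulnerability { severity }` (fields of GitHub's GraphQL schema); `alertQuery`, `CountBySeverity`, the struct types and the sample response are names and data made up for this example. A GraphQL error or a null repository is returned as an error, so a token that cannot read alerts does not show up as zero vulnerabilities.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// alertQuery is the issue's query plus severity and paging (this example's selection).
const alertQuery = `query getRepo($name: String!, $owner: String!, $after: String) {
  repository(name: $name, owner: $owner) {
    vulnerabilityAlerts(first: 100, after: $after, states: OPEN) {
      pageInfo { hasNextPage endCursor } nodes { securityVulnerability { severity } } } } }`

// sampleResponse is constructed for this example, not captured from GitHub.
const sampleResponse = `{"data":{"repository":{"vulnerabilityAlerts":{"pageInfo":{"hasNextPage":false,
 "endCursor":"CONSTRUCTED"},"nodes":[{"securityVulnerability":{"severity":"HIGH"}},{"securityVulnerability":null},
 {"securityVulnerability":{"severity":"CRITICAL"}},{"securityVulnerability":{"severity":"HIGH"}}]}}}}`

type alertConn struct {
	PageInfo struct{ HasNextPage bool; EndCursor string }
	Nodes    []struct{ SecurityVulnerability *struct{ Severity string } }
}
type alertPage struct {
	Errors []struct{ Message string }
	Data   struct{ Repository *struct{ VulnerabilityAlerts alertConn } }
}

// CountBySeverity tallies one response page by severity; API errors fail instead of counting 0.
func CountBySeverity(body []byte, counts map[string]int64) (more bool, cursor string, err error) {
	var p alertPage
	if err = json.Unmarshal(body, &p); err != nil {
		return false, "", err
	}
	if len(p.Errors) > 0 || p.Data.Repository == nil {
		return false, "", fmt.Errorf("alerts unavailable: %+v", p.Errors)
	}
	va := p.Data.Repository.VulnerabilityAlerts
	for _, n := range va.Nodes {
		if n.SecurityVulnerability != nil {
			counts[n.SecurityVulnerability.Severity]++
		}
	}
	return va.PageInfo.HasNextPage, va.PageInfo.EndCursor, nil
}

func main() {
	counts := map[string]int64{}
	fmt.Println(CountBySeverity([]byte(sampleResponse), counts))
	fmt.Println(counts)
}
```

Each key of `counts` maps to one data point with a severity attribute; while `more` is true, the caller repeats the query with `cursor` as `$after` and the same map.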