Automating vulnerability monitoring with Snyk, Prometheus and Grafana
Snyk Blog on Snyk_Exporter
https://snyk.io/blog/vulnerability-monitoring-with-snyk-prometheus-and-grafana/
The YouTube between the Lunar team, who developed the Snyk_Exporter, and Snyk
https://www.youtube.com/watch?v=zJsxAx7MKKk
Get the files of the project, and set environment variables below
- SNYK_TOKEN - set Snyk Group level API TOKEN, either of service account or a PAT
- SNYK_ORG_1 - set Snyk Org ID of one org
- SNYK_ORG_2 - set Snyk Org ID of other org
Three environment variables above would be reflected in app/docker-compose.yml, lines 17 to 19.
- More Snyk Org's may be added to include projects from more Snyk Org's displayed in the dashboard.
-
start
DockerDesktop, and wait for DockerDesktop to get started -
From the directory,
app, run the command,docker-compose up -d -
Use a web browser to access URLs below:
3.1. Grafana - http://localhost:3000/
3.1.1. Default UserId/Password : `admin/admin`3.2. Prometheus - http://localhost:9090/targets?search=
3.2.1. Confirm both targets of prometheus is OK in status
Run the command, curl http://localhost:9532/metrics
4.1. Response of the CURL without Snyk API response on issues
4.2. Reponse of the CURL with Snyk API response on issues
5. Access Grafana dashboard after you see issues of projects from Snyk API in response of CURL
- To stop the POC dashboard, enter the command,
docker-compose down -v
- Reminder: Grafana dashboard is in read-only mode. Grafana config files would need to be adjusted to create/adjust the dashboard.