Gathering detailed insights and metrics for @toolisticon/oc-routes-prometheus-exporter
Installations
npm install @toolisticon/oc-routes-prometheus-exporterDeveloper Guide
BETA
Typescript
No
Module System
CommonJS
Node Version
18.20.3
NPM Version
10.7.0
Score
40
Supply Chain
83.7
Quality
89.9
Maintenance
25
Vulnerability
94.8
License
Releases
34
Contributors
1
Unable to fetch Contributors
Languages
3
JavaScript
Dockerfile
Shell
JavaScript (63.91%)
Dockerfile (30.96%)
Shell (5.14%)
validate.email 🚀
Verify real, reachable, and deliverable emails with instant MX records, SMTP checks, and disposable email detection.
Developer
toolisticon
Download Statistics
Total Downloads
100,017
Last Day
253
Last Week
493
Last Month
959
Last Year
15,651
GitHub Statistics
MIT License
3 Stars
770 Commits
1 Forks
2 Watchers
10 Branches
1 Contributors
Updated on Mar 05, 2025
Maintainers
2
Package Meta Information
Latest Version
1.2.19
Package Id
@toolisticon/oc-routes-prometheus-exporter@1.2.19
Unpacked Size
40.19 kB
Size
14.02 kB
File Count
22
NPM Version
10.7.0
Node Version
18.20.3
Published on
Jun 14, 2024
Total Downloads
Cumulative downloads
Total Downloads
100,017
Last Day
150.5%
253
Compared to previous day
Last Week
22.9%
493
Compared to previous week
Last Month
-41.3%
959
Compared to previous month
Last Year
-58.5%
15,651
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Monitor OpenShift Routes in Prometheus
Usage
This nodejs application assumes that the container in which the application is running has already a valid OpenShift session. The entrypoint will try to autologin via a service account. So all you need is to create a image with the desired openschift installed:
FROM toolisticon/oc-routes-prometheus-exporter:latest
ENV SUMMARY="openshift-ssl-verify runtime image"
ENV DESCRIPTION="openshift-ssl-verify runtime"
ENV TZ="Europe/Berlin"
ENV OPENSHIFT_VERSION=3.10.0
ENV NVM_DIR="$HOME/.nvm"
ENV CONSOLE_LOG="true"
ENV LOG_LEVEL="INFO"
LABEL summary="$SUMMARY" \
description="$DESCRIPTION" \
io.k8s.description="$DESCRIPTION" \
io.k8s.display-name="sslverify" \
io.openshift.tags="security,sslverify,platform" \
com.redhat.component="sslverify-container"
USER 0
# Update
RUN yum -y update && yum clean all && rm -rf /var/cache/yum
# Install oc and jq
RUN yum -y install centos-release-openshift-origin && \
yum -y install origin-clients-${OPENSHIFT_VERSION} && \
yum -y install epel-release && yum -y install jq
USER 1000
The pod should start with this output:
Now using node v8.15.0 (npm v6.4.1)
[2019-01-18T14:59:04.929Z] prometheus-exporter listening at 9000
[2019-01-18T15:00:00.005Z] Triggering check
[2019-01-18T15:00:00.006Z] Start reading route information.
[2019-01-18T15:00:05.133Z] Start triggering scan.
Sample Values
The metrics are available via via localhost:9000 on the pod:
security_ssl_mozilla_observatory{algorithm_version="2",end_time="1548079211000",grade="D",hidden="false",likelihood_indicator="MEDIUM",scan_id="9806703",score="35",start_time="1548079207000",state="FINISHED",status_code="404",tests_failed="3",tests_passed="9",tests_quantity="12",url="sample-config.sample.com",name="sample-config",namespace="project2",labels_app="myapp",labels_environment="dev",} 35.0
security_ssl_details{valid="true",valid_from="1545553135000",valid_to="1553329135000",days_remaining="60",url="api-test.sample.com",status="200",name="api-test",namespace="project1",labels_app="myapp",labels_environment="test",} 200.0
security_ssl_expire_days_remaining{url="api-test.sample.com",name="api-test",namespace="project1",labels_app="myapp",labels_environment="test",} 60.0
If you want to complete use
Configuration
You can override the config via environment variables:
OPENSHIFT_MASTER_URL
SERVER_PORT: // set desired port for prometheus endpoint, defaults to 9000
CRON: // set cron pattern, default is '0 0 * * * *',
LOG_LEVEL: // set log level, default is 'ERROR' ('INFO' outputs details info),
CONSOLE_LOG: // set to true to omit logging to file, otherwise logs will be written to `logs` dir
You'll find a Grafana Dashboard here:
Troubleshooting
Access denied
If the service account does not have access to projects, you will see this message
Logged into "https://...:8443" as "system:serviceaccount:security:sslverify" using the token provided.
You don't have any projects. Contact your system administrator to request a project.
Welcome! See 'oc help' to get started.
SSL error
If you see this kind of error:
error: The server uses a certificate signed by unknown authority. You may need to use the --certificate-authority flag to provide the path to a certificate file for the certificate authority, or --insecure-skip-tls-verify to bypass the certificate check and use insecure connections.
you are using the internal kubernetes host which might be secured by self-signed certificates. Either use the public endpoint with proper ssl certificates or install the certificate to the keystore.
Development
Debug
To debug run the following command:
node --inspect-brk index.js
To debug unit tests:
npm run test:debug
No vulnerabilities found.
Reason
14 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Reason
no binaries found in the repo
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
packaging workflow detected
Details
- Info: Project packages its releases by way of GitHub Actions.: .github/workflows/build.yml:39
Reason
SAST tool is run on all commits
Details
- Info: SAST configuration detected: CodeQL
- Info: all commits (30) are checked with a SAST tool
Reason
Found 0/30 approved changesets -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql-analysis.yml:28
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql-analysis.yml:29
- Warn: no topLevel permission defined: .github/workflows/build.yml:1
- Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/toolisticon/oc-routes-prometheus-exporter/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/toolisticon/oc-routes-prometheus-exporter/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/toolisticon/oc-routes-prometheus-exporter/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/toolisticon/oc-routes-prometheus-exporter/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/toolisticon/oc-routes-prometheus-exporter/build.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/toolisticon/oc-routes-prometheus-exporter/build.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:79: update your workflow using https://app.stepsecurity.io/secureworkflow/toolisticon/oc-routes-prometheus-exporter/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/toolisticon/oc-routes-prometheus-exporter/codeql-analysis.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/toolisticon/oc-routes-prometheus-exporter/codeql-analysis.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/toolisticon/oc-routes-prometheus-exporter/codeql-analysis.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/toolisticon/oc-routes-prometheus-exporter/codeql-analysis.yml/develop?enable=pin
- Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating registry.access.redhat.com/ubi8/ubi-init:latest to registry.access.redhat.com/ubi8/ubi-init:latest@sha256:357be2adb330e43c2b11d5ad02ae33448cdf22e52df9abc3fbfa00d23bc2492c
- Warn: downloadThenRun not pinned by hash: Dockerfile:32-38
- Warn: npmCommand not pinned by hash: Dockerfile:32-38
- Info: 0 out of 9 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 2 third-party GitHubAction dependencies pinned
- Info: 0 out of 1 npmCommand dependencies pinned
- Info: 0 out of 1 containerImage dependencies pinned
- Info: 0 out of 1 downloadThenRun dependencies pinned
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
10 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-7v5v-9h63-cj86
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97
- Warn: Project is vulnerable to: GHSA-hhhv-q57g-882q
- Warn: Project is vulnerable to: GHSA-pppg-cpfq-h7wr
- Warn: Project is vulnerable to: GHSA-hw8r-x6gr-5gjp
- Warn: Project is vulnerable to: GHSA-h755-8qp9-cq85
- Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Score
4.8
/10
Last Scanned on 2025-03-03
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More