Add issue_type label (#50)

Bjørn · web-flow · commit 47b91cdcfa0a · 2021-02-15T10:06:02.000+01:00
Currently it is not possible to separate vulnerability metrics from license issue metrics. License issues was added in afdb810 as a side effect of changing the Snyk API endpoint. This change adds an issue_type label to the exporters metric making it possible to inspect issues related to license or vulnerabilities explicitly.
diff --git a/README.md b/README.md
@@ -75,6 +75,7 @@ The API results are aggregated and recorded on the `snyk_vulnerabiilities_total`
 - `organization` - The organization where the vulnerable project exists
 - `project` - The project with a vulnerability
 - `severity` - The severity of the vulnerability, can be `high`, `medium` and `low`
+- `issue_type` - The type of issue, e.g. `vuln`, `license`
 - `issue_title` - The issue title of the vulnerability, e.g. `Denial os Service (DoS)`. Can be the CVE if the vulnerability is not named by Snyk
 - `ignored` - The issue is ignored in Snyk.
 - `upgradeable` - The issue can be fixed by upgrading to a later version of the dependency.
@@ -83,8 +84,9 @@ The API results are aggregated and recorded on the `snyk_vulnerabiilities_total`
 Here is an example.
 
 ```
-snyk_vulnerabilities_total{organization="my-org",project="my-app",severity="high",issue_title="Privilege Escalation",ignored="false",upgradeable="false",patchable="false"} 1.0
-snyk_vulnerabilities_total{organization="my-org",project="my-app",severity="low",issue_title="Sandbox (chroot) Escape",ignored="true",upgradeable="false",patchable="false"} 2.0
+snyk_vulnerabilities_total{organization="my-org",project="my-app",severity="high",issue_type="vuln",issue_title="Privilege Escalation",ignored="false",upgradeable="false",patchable="false"} 1.0
+snyk_vulnerabilities_total{organization="my-org",project="my-app",severity="low",issue_type="vuln",issue_title="Sandbox (chroot) Escape",ignored="true",upgradeable="false",patchable="false"} 2.0
+snyk_vulnerabilities_total{organization="my-org",project="my-app",severity="medium",issue_type="license",issue_title="MPL-2.0 license",ignored="true",upgradeable="false",patchable="false"} 1
 ```
 
 # Build
diff --git a/main.go b/main.go
@@ -20,6 +20,7 @@ import (
 
 const (
 	projectLabel      = "project"
+	issueTypeLabel    = "issue_type"
 	issueTitleLabel   = "issue_title"
 	severityLabel     = "severity"
 	organizationLabel = "organization"
@@ -34,7 +35,7 @@ var (
 			Name: "snyk_vulnerabilities_total",
 			Help: "Gauge of Snyk vulnerabilities",
 		},
-		[]string{organizationLabel, projectLabel, issueTitleLabel, severityLabel, ignoredLabel, upgradeableLabel, patchableLabel},
+		[]string{organizationLabel, projectLabel, issueTypeLabel, issueTitleLabel, severityLabel, ignoredLabel, upgradeableLabel, patchableLabel},
 	)
 )
 
@@ -263,7 +264,7 @@ func register(results []gaugeResult) {
 	vulnerabilityGauge.Reset()
 	for _, r := range results {
 		for _, result := range r.results {
-			vulnerabilityGauge.WithLabelValues(r.organization, r.project, result.title, result.severity, strconv.FormatBool(result.ignored), strconv.FormatBool(result.upgradeable), strconv.FormatBool(result.patchable)).Set(float64(result.count))
+			vulnerabilityGauge.WithLabelValues(r.organization, r.project, result.issueType, result.title, result.severity, strconv.FormatBool(result.ignored), strconv.FormatBool(result.upgradeable), strconv.FormatBool(result.patchable)).Set(float64(result.count))
 		}
 	}
 }
@@ -309,6 +310,7 @@ func collect(ctx context.Context, client *client, organization org) ([]gaugeResu
 }
 
 type aggregateResult struct {
+	issueType   string
 	title       string
 	severity    string
 	ignored     bool
@@ -318,7 +320,7 @@ type aggregateResult struct {
 }
 
 func aggregationKey(i issue) string {
-	return fmt.Sprintf("%s_%s_%t_%t_%t", i.IssueData.Severity, i.IssueData.Title, i.Ignored, i.FixInfo.Upgradeable, i.FixInfo.Patchable)
+	return fmt.Sprintf("%s_%s_%s_%t_%t_%t", i.IssueData.Severity, i.IssueType, i.IssueData.Title, i.Ignored, i.FixInfo.Upgradeable, i.FixInfo.Patchable)
 }
 
 func aggregateIssues(issues []issue) []aggregateResult {
@@ -328,6 +330,7 @@ func aggregateIssues(issues []issue) []aggregateResult {
 		aggregate, ok := aggregateResults[aggregationKey(issue)]
 		if !ok {
 			aggregate = aggregateResult{
+				issueType:   issue.IssueType,
 				title:       issue.IssueData.Title,
 				severity:    issue.IssueData.Severity,
 				count:       0,
diff --git a/snyk.go b/snyk.go
@@ -137,6 +137,7 @@ type issuesResponse struct {
 
 type issue struct {
 	ID        string    `json:"id,omitempty"`
+	IssueType string    `json:"issueType"`
 	IssueData issueData `json:"issueData,omitempty"`
 	Ignored   bool      `json:"isIgnored"`
 	FixInfo   fixInfo   `json:"fixInfo,omitempty"`

Original file line number	Diff line number	Diff line change
`@@ -20,6 +20,7 @@ import (`
`20`	`20`
`21`	`21`	`const (`
`22`	`22`	`projectLabel = "project"`
	`23`	`+ issueTypeLabel = "issue_type"`
`23`	`24`	`issueTitleLabel = "issue_title"`
`24`	`25`	`severityLabel = "severity"`
`25`	`26`	`organizationLabel = "organization"`
`@@ -34,7 +35,7 @@ var (`
`34`	`35`	`Name: "snyk_vulnerabilities_total",`
`35`	`36`	`Help: "Gauge of Snyk vulnerabilities",`
`36`	`37`	`},`
`37`		`- []string{organizationLabel, projectLabel, issueTitleLabel, severityLabel, ignoredLabel, upgradeableLabel, patchableLabel},`
	`38`	`+ []string{organizationLabel, projectLabel, issueTypeLabel, issueTitleLabel, severityLabel, ignoredLabel, upgradeableLabel, patchableLabel},`
`38`	`39`	`)`
`39`	`40`	`)`
`40`	`41`
`@@ -263,7 +264,7 @@ func register(results []gaugeResult) {`
`263`	`264`	`vulnerabilityGauge.Reset()`
`264`	`265`	`for _, r := range results {`
`265`	`266`	`for _, result := range r.results {`
`266`		`- vulnerabilityGauge.WithLabelValues(r.organization, r.project, result.title, result.severity, strconv.FormatBool(result.ignored), strconv.FormatBool(result.upgradeable), strconv.FormatBool(result.patchable)).Set(float64(result.count))`
	`267`	`+ vulnerabilityGauge.WithLabelValues(r.organization, r.project, result.issueType, result.title, result.severity, strconv.FormatBool(result.ignored), strconv.FormatBool(result.upgradeable), strconv.FormatBool(result.patchable)).Set(float64(result.count))`
`267`	`268`	`}`
`268`	`269`	`}`
`269`	`270`	`}`
`@@ -309,6 +310,7 @@ func collect(ctx context.Context, client *client, organization org) ([]gaugeResu`
`309`	`310`	`}`
`310`	`311`
`311`	`312`	`type aggregateResult struct {`
	`313`	`+ issueType string`
`312`	`314`	`title string`
`313`	`315`	`severity string`
`314`	`316`	`ignored bool`
`@@ -318,7 +320,7 @@ type aggregateResult struct {`
`318`	`320`	`}`
`319`	`321`
`320`	`322`	`func aggregationKey(i issue) string {`
`321`		`- return fmt.Sprintf("%s_%s_%t_%t_%t", i.IssueData.Severity, i.IssueData.Title, i.Ignored, i.FixInfo.Upgradeable, i.FixInfo.Patchable)`
	`323`	`+ return fmt.Sprintf("%s_%s_%s_%t_%t_%t", i.IssueData.Severity, i.IssueType, i.IssueData.Title, i.Ignored, i.FixInfo.Upgradeable, i.FixInfo.Patchable)`
`322`	`324`	`}`
`323`	`325`
`324`	`326`	`func aggregateIssues(issues []issue) []aggregateResult {`
`@@ -328,6 +330,7 @@ func aggregateIssues(issues []issue) []aggregateResult {`
`328`	`330`	`aggregate, ok := aggregateResults[aggregationKey(issue)]`
`329`	`331`	`if !ok {`
`330`	`332`	`aggregate = aggregateResult{`
	`333`	`+ issueType: issue.IssueType,`
`331`	`334`	`title: issue.IssueData.Title,`
`332`	`335`	`severity: issue.IssueData.Severity,`
`333`	`336`	`count: 0,`