{"id":18834018,"url":"https://github.com/jetstack/dependency-track-exporter","last_synced_at":"2025-07-06T10:07:25.047Z","repository":{"id":37834364,"uuid":"471061036","full_name":"jetstack/dependency-track-exporter","owner":"jetstack","description":null,"archived":false,"fork":false,"pushed_at":"2024-08-03T21:37:44.000Z","size":160,"stargazers_count":24,"open_issues_count":15,"forks_count":6,"subscribers_count":10,"default_branch":"main","last_synced_at":"2025-04-14T05:06:10.630Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jetstack.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2022-03-17T16:35:23.000Z","updated_at":"2025-02-11T14:56:56.000Z","dependencies_parsed_at":"2024-06-19T05:29:39.105Z","dependency_job_id":"82b09304-1c19-48e1-81d9-0a388704067b","html_url":"https://github.com/jetstack/dependency-track-exporter","commit_stats":{"total_commits":66,"total_committers":4,"mean_commits":16.5,"dds":0.4696969696969697,"last_synced_commit":"d399924830de9c79ea911825ab0201e09397f341"},"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/jetstack/dependency-track-exporter","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jetstack%2Fdependency-track-exporter","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jetstack%2Fdependency-track-exporter/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jetstack%2Fdependency-track-exporter/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jetstack%2Fdependency-track-exporter/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jetstack","download_url":"https://codeload.github.com/jetstack/dependency-track-exporter/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jetstack%2Fdependency-track-exporter/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":263882286,"owners_count":23524461,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-08T02:06:20.102Z","updated_at":"2025-07-06T10:07:25.023Z","avatar_url":"https://github.com/jetstack.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Dependency-Track Exporter\n\nExports Prometheus metrics for [Dependency-Track](https://dependencytrack.org/).\n\n## Usage\n\n```\nusage: dependency-track-exporter [\u003cflags\u003e]\n\nFlags:\n  -h, --help                Show context-sensitive help (also try --help-long and --help-man).\n      --web.config.file=\"\"  [EXPERIMENTAL] Path to configuration file that can enable TLS or authentication.\n      --web.listen-address=\":9916\"\n                            Address to listen on for web interface and telemetry.\n      --web.metrics-path=\"/metrics\"\n                            Path under which to expose metrics\n      --dtrack.address=DTRACK.ADDRESS\n                            Dependency-Track server address (default: http://localhost:8080 or $DEPENDENCY_TRACK_ADDR)\n      --dtrack.api-key=DTRACK.API-KEY\n                            Dependency-Track API key (default: $DEPENDENCY_TRACK_API_KEY)\n      --log.level=info      Only log messages with the given severity or above. One of: [debug, info, warn, error]\n      --log.format=logfmt   Output format of log messages. One of: [logfmt, json]\n      --version             Show application version.\n```\n\nThe API key the exporter uses needs to have the following permissions:\n- `VIEW_POLICY_VIOLATION`\n- `VIEW_PORTFOLIO`\n\n## Metrics\n\n| Metric                                          | Meaning                                                               | Labels                                           |\n| ----------------------------------------------- | --------------------------------------------------------------------- | ------------------------------------------------ |\n| dependency_track_portfolio_inherited_risk_score | The inherited risk score of the whole portfolio.                      |                                                  |\n| dependency_track_portfolio_vulnerabilities      | Number of vulnerabilities across the whole portfolio, by severity.    | severity                                         |\n| dependency_track_portfolio_findings             | Number of findings across the whole portfolio, audited and unaudited. | audited                                          |\n| dependency_track_project_info                   | Project information.                                                  | uuid, name, version, active, tags                |\n| dependency_track_project_vulnerabilities        | Number of vulnerabilities for a project by severity.                  | uuid, name, version, severity                    |\n| dependency_track_project_policy_violations      | Policy violations for a project.                                      | uuid, name, version, state, analysis, suppressed |\n| dependency_track_project_last_bom_import        | Last BOM import date, represented as a Unix timestamp.                | uuid, name, version                              |\n| dependency_track_project_inherited_risk_score   | Inherited risk score for a project.                                   | uuid, name, version                              |\n\n## Example queries\n\nRetrieve the number of `WARN` policy violations that have not been analyzed or\nsuppressed:\n\n```\ndependency_track_project_policy_violations{state=\"WARN\",analysis!=\"APPROVED\",analysis!=\"REJECTED\",suppressed=\"false\"} \u003e 0\n```\n\nExclude inactive projects:\n\n```\ndependency_track_project_policy_violations{state=\"WARN\",analysis!=\"APPROVED\",analysis!=\"REJECTED\",suppressed=\"false\"} \u003e 0\nand on(uuid) dependency_track_project_info{active=\"true\"}\n```\n\nOnly include projects tagged with `prod`:\n\n```\ndependency_track_project_policy_violations{state=\"WARN\",analysis!=\"APPROVED\",analysis!=\"REJECTED\",suppressed=\"false\"} \u003e 0\nand on(uuid) dependency_track_project_info{active=\"true\",tags=~\".*,prod,.*\"}\n```\n\nOr, join the tags label into the returned series. Filtering on active/tag could\nthen happen in alert routes:\n\n```\n(dependency_track_project_policy_violations{state=\"WARN\",analysis!=\"APPROVED\",analysis!=\"REJECTED\",suppressed=\"false\"} \u003e 0)\n* on (uuid) group_left(tags,active) dependency_track_project_info\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjetstack%2Fdependency-track-exporter","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjetstack%2Fdependency-track-exporter","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjetstack%2Fdependency-track-exporter/lists"}