{"id":41591420,"url":"https://github.com/messagebird/gcppromd","last_synced_at":"2026-01-24T09:31:36.943Z","repository":{"id":33898559,"uuid":"136359896","full_name":"messagebird/gcppromd","owner":"messagebird","description":"Prometheus GCP discovery ","archived":false,"fork":false,"pushed_at":"2024-01-23T01:23:09.000Z","size":4755,"stargazers_count":18,"open_issues_count":2,"forks_count":8,"subscribers_count":9,"default_branch":"master","last_synced_at":"2024-06-19T00:39:57.256Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-2-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/messagebird.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOGS/.gitignore","contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-06-06T16:59:17.000Z","updated_at":"2023-06-19T11:21:04.000Z","dependencies_parsed_at":"2024-06-19T00:27:10.006Z","dependency_job_id":"145a1206-e37e-4c49-9b1f-0eacd90849b6","html_url":"https://github.com/messagebird/gcppromd","commit_stats":null,"previous_names":[],"tags_count":7,"template":false,"template_full_name":null,"purl":"pkg:github/messagebird/gcppromd","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/messagebird%2Fgcppromd","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/messagebird%2Fgcppromd/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/messagebird%2Fgcppromd/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/messagebird%2Fgcppromd/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/messagebird","download_url":"https://codeload.github.com/messagebird/gcppromd/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/messagebird%2Fgcppromd/sbom","scorecard":{"id":637350,"data":{"date":"2025-08-11","repo":{"name":"github.com/messagebird/gcppromd","commit":"ae63f8bf66638ad894e31aa0e3d6abea10bee2a4"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.8,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":2,"reason":"Found 6/24 approved changesets -- score normalized to 2","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/docker-image.yml:1","Warn: no topLevel permission defined: .github/workflows/release.yml:1","Warn: no topLevel permission defined: .github/workflows/test.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE.md:0","Info: FSF or OSI recognized license: BSD 2-Clause \"Simplified\" License: LICENSE.md:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v0.5.0 not signed: https://api.github.com/repos/messagebird/gcppromd/releases/69514942","Warn: release artifact v0.4.1 not signed: https://api.github.com/repos/messagebird/gcppromd/releases/45047847","Warn: release artifact v0.4.0 not signed: https://api.github.com/repos/messagebird/gcppromd/releases/40916585","Warn: release artifact 0.3.0 not signed: https://api.github.com/repos/messagebird/gcppromd/releases/25587919","Warn: release artifact 0.2.1 not signed: https://api.github.com/repos/messagebird/gcppromd/releases/18732209","Warn: release artifact v0.5.0 does not have provenance: https://api.github.com/repos/messagebird/gcppromd/releases/69514942","Warn: release artifact v0.4.1 does not have provenance: https://api.github.com/repos/messagebird/gcppromd/releases/45047847","Warn: release artifact v0.4.0 does not have provenance: https://api.github.com/repos/messagebird/gcppromd/releases/40916585","Warn: release artifact 0.3.0 does not have provenance: https://api.github.com/repos/messagebird/gcppromd/releases/25587919","Warn: release artifact 0.2.1 does not have provenance: https://api.github.com/repos/messagebird/gcppromd/releases/18732209"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Pinned-Dependencies","score":2,"reason":"dependency not pinned by hash detected -- score normalized to 2","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker-image.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/messagebird/gcppromd/docker-image.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-image.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/messagebird/gcppromd/docker-image.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-image.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/messagebird/gcppromd/docker-image.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-image.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/messagebird/gcppromd/docker-image.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/messagebird/gcppromd/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/messagebird/gcppromd/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/messagebird/gcppromd/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/messagebird/gcppromd/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/messagebird/gcppromd/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/messagebird/gcppromd/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/messagebird/gcppromd/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/messagebird/gcppromd/test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/messagebird/gcppromd/test.yml/master?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:1","Warn: containerImage not pinned by hash: Dockerfile:14: pin your Docker image by updating gcr.io/distroless/static:nonroot to gcr.io/distroless/static:nonroot@sha256:cdf4daaf154e3e27cfffc799c16f343a384228f38646928a1513d925f473cb46","Warn: goCommand not pinned by hash: vendor/google.golang.org/grpc/regenerate.sh:35","Warn: goCommand not pinned by hash: vendor/google.golang.org/grpc/vet.sh:38","Warn: goCommand not pinned by hash: vendor/google.golang.org/grpc/vet.sh:48","Info:   0 out of   9 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   4 third-party GitHubAction dependencies pinned","Info:   0 out of   2 containerImage dependencies pinned","Info:   3 out of   6 goCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 22 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"21 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2022-0236 / GHSA-h86h-8ppg-mxmh","Warn: Project is vulnerable to: GO-2021-0238 / GHSA-83g2-8m93-v3w7","Warn: Project is vulnerable to: GO-2022-0288","Warn: Project is vulnerable to: GO-2022-0969 / GHSA-69cg-p879-7622","Warn: Project is vulnerable to: GO-2022-1144 / GHSA-xrjj-mj9h-534m","Warn: Project is vulnerable to: GO-2023-1571 / GHSA-vvpx-j8f3-3w6h","Warn: Project is vulnerable to: GO-2023-1988 / GHSA-2wrh-6pvc-2jm9","Warn: Project is vulnerable to: GO-2023-2102 / GHSA-4374-p667-p6c8","Warn: Project is vulnerable to: GO-2023-2153 / GHSA-m425-mq94-257g / GHSA-qppj-fm5r-hxr3","Warn: Project is vulnerable to: GO-2024-2687 / GHSA-4v7x-pqxf-cx7m","Warn: Project is vulnerable to: GO-2024-3333","Warn: Project is vulnerable to: GO-2025-3503 / GHSA-qxp5-gwg8-xv66","Warn: Project is vulnerable to: GO-2025-3595 / GHSA-vvgc-356p-c3xw","Warn: Project is vulnerable to: GO-2025-3488 / GHSA-6v2p-p543-phr9","Warn: Project is vulnerable to: GO-2022-0493 / GHSA-p782-xgp4-8hr8","Warn: Project is vulnerable to: GO-2021-0113 / GHSA-ppp9-7jff-5vj2","Warn: Project is vulnerable to: GO-2022-1059 / GHSA-69ch-w2m2-3vjp","Warn: Project is vulnerable to: GO-2022-0536 / GHSA-39qc-96h7-956f / GHSA-hgr8-6h9x-f7q9","Warn: Project is vulnerable to: GO-2020-0015 / GHSA-5rcv-m4m3-hfh7","Warn: Project is vulnerable to: GO-2025-3372 / GHSA-6wxm-mpqj-6jpf","Warn: Project is vulnerable to: GO-2024-2611 / GHSA-8r3f-844c-mc37"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-21T09:35:41.943Z","repository_id":33898559,"created_at":"2025-08-21T09:35:41.943Z","updated_at":"2025-08-21T09:35:41.943Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28723233,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-24T08:27:05.734Z","status":"ssl_error","status_checked_at":"2026-01-24T08:27:01.197Z","response_time":89,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-01-24T09:31:36.880Z","updated_at":"2026-01-24T09:31:36.936Z","avatar_url":"https://github.com/messagebird.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# gcppromd\n\nGCPPromd provides Google Compute Engine auto-discovery for Prometheus.\n\n## Configuration\n\n```\nUsage of gcppromd:\n  -daemon\n    \trun the application as a daemon that periodically produces a target file with a json in Prometheus file_sd format. Disables web-mode\n  -frequency int\n    \t(daemon only)  discovery frequency in seconds (default 300)\n  -listen string\n    \tHTTP listen address (default \":8080\")\n  -outputPath string\n    \t(daemon only)  A path to the output file with targets (default \"/etc/prom_sd/targets.json\")\n  -projects string\n    \t(daemon only)  comma-separated projects IDs.\n  -projects-auto-discovery\n    \t(daemon only)  enable auto-discovery of the projects based on which projects can be listed by the provided credentials.\n  -projects-excludes string\n    \t(daemon only) RE2 regex, all projects matching it will not be discovered\n  -workers int\n    \tnumber of workers to perform the discovery (default 20)\n\n```\n\n## Docker image\n\nA docker image is [available](https://hub.docker.com/r/messagebird/gcppromd/).\n```\ndocker run messagebird/gcppromd:latest\n```\n\n## API Reference\n\n| Endpoint                | Description    |\n| ----------------------- | -------------- |\n| `GET /status`           | Health check   |\n| `GET /v1/gce/instances` | List instances |\n\n### GCE instance discovery\n\n#### Daemon mode\n\nOutputs a JSON with Prometheus targets in projects (`-projects`) to a file set by `-outputPath`.\n\n#### Web-server mode\nThe http request\n\n`GET /v1/gce/instances?projects=\u003cproject1,project2,...\u003e`\n\nreturns an array of prometheus's [`\u003cstatic_config\u003e`](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#static_config)s.\n\nThe query parameters are:\n- `projects` accepts a list of coma separated google cloud project names.\n- `projects-auto-discovery` accepts `true`, `1`, `TRUE`, other values are evaluated to false, add all accessible projects by GCPPromd to the projects list. \n- `projects-exclude` a RE2 regex, all projects matching it will not be discovered.\n\n### General Notes (true for both web-server and daemon mode)\nA \"projects auto-discovery\" mode can be enabled with `-projects-auto-discovery` or `http://..?projects-auto-discovery=true`.\nIn that mode all the accessible projects will be scraped. You can exclude projects using `-project-excludes=regex` or `http://..?project-excludes=regex`.\n\n**Using the projects auto-discovery add 500ms-1s of overhead to requests/daemon refreshes**\n\nThe instances on those projects that have the GCE label `prometheus` (the value doesn't matter) are returned.\n\nEvery instance can have one or multiple metadata keys, *be careful metadata are not labels*, of the form `prometheus_ports`\nor `prometheus_ports_\u003cservice name\u003e` mapping to the port number that prometheus\nshould target.\n\nFor every GCE metadata like `prometheus_ports_*` a couple of Prometheus targets and Prometheus labels are emitted.\n\nAn instance can also declare the metadata keys `prometheus_delegate_address` or\n`prometheus_delegate_address_\u003cservice name\u003e` with\n`prometheus_delegate_ports` or `prometheus_delegate_ports_\u003cservice name\u003e`.\n\nThese are useful for automatically discovering instances behind a load-balancer.\n\n- `__meta_gce_instance_name`: the name of the instance\n- `__meta_gce_metadata_`\u003cname\u003e: each metadata item of the instance\n- `__meta_gce_network`: the network URL of the instance\n- `__meta_gce_private_ip`: the private IP address of the instance\n- `__meta_gce_project`: the GCP project in which the instance is running\n- `__meta_gce_public_ip`: the public IP address of the instance, if present\n- `__meta_gce_subnetwork`: the subnetwork URL of the instance\n- `__meta_gce_tags`: comma separated list of instance tags\n- `__meta_gce_zone`: the GCE zone URL in which the instance is running\n- `__meta_gce_region`: the GCE region name in which the instance is running\n- `__meta_gce_delagate_for_`: URLs of the instance delegate.\n- `__meta_gce_name`: the extracted name from the `prometheus_port_*` GCE label, an empty string if the label is exactly `prometheus_port`\n\n## Authentication\n\nTo authenticate with the google cloud APIs you can use the [Application Default Credentials process](https://cloud.google.com/docs/authentication/production) or set specific credentials using the `GOOGLE_APPLICATION_CREDENTIALS` environment variable.\n\nThse credentials need to have the API scope `https://www.googleapis.com/auth/compute.readonly`.\n\n## Errors\n\nNo errors are ever returned by the API. They are only logged.\n\n## FAQ\n### In what this is different than [`gce_sd_configs`](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#%3Cgce_sd_config%3E)?\n\nBuilt in support for GCE in prometheus requires you to manually declare all your projects and zones. This can be tedious when you need to map many Google projects across multiple zones.\n\n### How do I pass the discovered instances to prometheus?\n\nGCPPromd returns an array of `\u003cstatic_config\u003e`, you can automatically write that output to a file and use [`\u003cfile_sd_config\u003e`]( https://prometheus.io/docs/prometheus/latest/configuration/configuration/#%3Cfile_sd_config%3E).\nPrometheus will reload the configuration automatically.\n\n### I don't see any labels?\nAll emitted labels are prefixed with  `__meta` you need to explicitly relabel to pick what you need.\nFor example, assuming that the output of `GET /v1/gce/instances` is written in `/var/local/gcppromd/gcppromd_v1_gce_instances.json`:\n\n```yaml\n- job_name: 'gce_auto_discovery'\n\n  file_sd_configs:\n    - files:\n        - /var/local/gcppromd/gcppromd_v1_gce_instances.json\n      refresh_interval: 10m\n\n  relabel_configs:\n    - source_labels: ['__meta_gce_name']\n      regex: '(.*)'\n      target_label: 'gce_name'\n      replacement: '$1'\n    - source_labels: ['__meta_gce_instance_name']\n      regex: '(.*)'\n      target_label: 'instance'\n      replacement: '$1'\n    - source_labels: ['__meta_gce_label_my_label_name']\n      regex: '(.*)'\n      target_label: 'my_label_name'\n      replacement: '$1'\n```\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmessagebird%2Fgcppromd","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmessagebird%2Fgcppromd","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmessagebird%2Fgcppromd/lists"}