OpsMx · saitejaopsmx · Feb 11, 2025 · Feb 17, 2025 · Feb 18, 2025 · Feb 18, 2025
diff --git a/charts/ssd/config/otel/otel-gateway-config.yaml b/charts/ssd/config/otel/otel-gateway-config.yaml
@@ -0,0 +1,97 @@
+receivers:
+  otlp:
+    protocols:
+      grpc:
+        endpoint: 0.0.0.0:4317
+      http:
+        endpoint: 0.0.0.0:4318
+processors:
+  batch/raw:
+  batch/aggregate:
+  metricstransform/rename:
+    transforms:
+      - include: "^ssd\\.(.*)$"
+        match_type: regexp
+        action: insert
+        new_name: ssd.aggregate.$${1}
+  metricstransform/aggregate:
+    transforms:
+      - include: "^ssd\\..*$"
+        match_type: regexp
+        action: update
+        operations:
+          - action: aggregate_labels
+            label_set: ["ssd.workflow.type","k8s.deployment.name","k8s.namespace.name"]
+            aggregation_type: sum
+  resource/remove_label:
+    attributes:
+      - key: "k8s.pod.ip"
+        action: delete
+      - key: "k8s.pod.name"
+        action: delete
+      - key: "pipeline"
+        action: insert
+        value: "aggregator"
+  transform/remove_label:
+    metric_statements:
+      - context: datapoint
+        statements:
+          - 'delete_key(attributes, "k8s.pod.ip")'
+          - 'delete_key(attributes, "k8s.pod.name")'
+  groupbyattrs/aggregate:
+    keys:
+      - "k8s.deployment.name"
+      - "k8s.namespace.name"
+  filter/aggregate:
+    metrics:
+      include:
+        match_type: regexp
+        metric_names:
+          - "^ssd\\.aggregate\\..*"
+  k8sattributes/raw:
+    auth_type: serviceAccount  # Allows access to the Kubernetes API
+    passthrough: false
+    extract:
+      metadata:
+        - k8s.deployment.name
+        - k8s.namespace.name
+        - k8s.pod.name
+    pod_association:
+      - sources:
+        - from: connection
+  k8sattributes/aggregate:
+    auth_type: serviceAccount  # Allows access to the Kubernetes API
+    passthrough: false
+    extract:
+      metadata:
+        - k8s.deployment.name
+        - k8s.namespace.name
+        - k8s.pod.name
+    pod_association:
+      - sources:
+        - from: connection
+
+exporters:
+  debug:
+    verbosity: detailed
+  prometheus:
+    endpoint: "0.0.0.0:9464"
+    enable_open_metrics: true
+    metric_expiration: 5m
+    resource_to_telemetry_conversion:
+      enabled: true
+
+service:
+  pipelines:
+    traces:
+      receivers: [otlp]
+      processors: [batch/raw]
+      exporters: [debug]
+    metrics/raw:
+      receivers: [otlp]
+      processors: [k8sattributes/raw,batch/raw]
+      exporters: [debug, prometheus]
+    metrics/aggregate:
+      receivers: [otlp]
+      processors: [k8sattributes/aggregate,metricstransform/aggregate,metricstransform/rename,resource/remove_label,filter/aggregate,batch/aggregate]
+      exporters: [debug, prometheus]
diff --git a/charts/ssd/config/otel/otel-sidecar-config.yaml b/charts/ssd/config/otel/otel-sidecar-config.yaml
@@ -0,0 +1,35 @@
+receivers:
+  otlp:
+    protocols:
+      grpc:
+      http:
+
+processors:
+  batch:
+
+exporters:
+  otlp:
+    endpoint: "http://otel-gateway:4317"
+    tls:
+      insecure: true
+
+  debug:
+    verbosity: detailed
+
+  prometheus:
+    endpoint: "0.0.0.0:9464"
+    enable_open_metrics: true
+    metric_expiration: 5m
+    resource_to_telemetry_conversion:
+      enabled: true
+
+service:
+  pipelines:
+    traces:
+      receivers: [otlp]
+      processors: [batch]
+      exporters: [otlp]
+    metrics:
+      receivers: [otlp]
+      processors: [batch]
+      exporters: [otlp,debug,prometheus]
diff --git a/charts/ssd/config/snyk-monitor/config.yaml b/charts/ssd/config/snyk-monitor/config.yaml
@@ -0,0 +1,19 @@
+run:
+  sync-interval: {{ .Values.snykmonitor.interval }}
+logger:
+  level: {{ .Values.snykmonitor.loglevel | quote }} # options: info, debug
+dgraph:
+  {{- if .Values.dgraph.HA.enabled }}
+  host: http://dgraph-alpha-public
+  {{- else }}
+  host: http://dgraph-public
+  {{- end }}
+  port: 8080
+tool-chain:
+  host: http://tool-chain
+  port: 8100
+ssd-opa:
+  host: http://ssd-opa
+  port: 8200
+otelAddr: localhost:4317
+otelInterval: {{ .Values.otel.interval }}
diff --git a/charts/ssd/config/ssd-gate/services-config.yaml b/charts/ssd/config/ssd-gate/services-config.yaml
@@ -96,7 +96,11 @@
   streaming: false
   strip_path: "/tool-chain"
 - name: dgraph
+  {{- if .Values.dgraph.HA.enabled }}
+  baseUrl: dgraph-alpha-public:8080
+  {{- else }}
   baseUrl: dgraph-public:8080
+  {{- end }}
   health_endpoint: /
   auth_required: true
   path_prefixes:
@@ -112,6 +116,12 @@
   - "/minio"
   baseUrl: {{ .Release.Name }}-minio:9000
   health_endpoint: ""
+- name: prometheus
+  baseUrl: {{ .Values.prometheusUrl }} #this is dependent on the localtion of the prometheus server
+  health_endpoint: ""
+  auth_required: false
+  path_prefixes:
+  - "/api/v1/query_range"
 - name: ssd-temporal-web
   baseUrl: {{ .Release.Name }}-temporal-web:8080
   health_endpoint: ""
@@ -125,3 +135,9 @@
   baseUrl: ssd-dex:5558
   health_endpoint: /healthz/ready
 {{- end }}
+- name: metrics
+  baseUrl: otel-gateway:9464
+  health_endpoint: ""
+  auth_required: false
+  path_prefixes:
+  - "/metrics"
diff --git a/charts/ssd/config/ssd-opa/ssd-opa.yaml b/charts/ssd/config/ssd-opa/ssd-opa.yaml
@@ -1,9 +1,18 @@
 httpListenPort: 8200
+{{- if .Values.dgraph.HA.enabled }}
+graphQLAddr: http://dgraph-alpha-public:8080/graphql
+dgraphQLAddr: http://dgraph-alpha-public:8080/query
+{{- else }}
 graphQLAddr: http://dgraph-public:8080/graphql
+dgraphQLAddr: http://dgraph-public:8080/query
+{{- end }}
 ssdUrl: {{.Values.global.ssdUI.protocol}}://{{.Values.global.ssdUI.host}}
 logLevel: {{ .Values.ssdopa.loglevel }}
 reScheduler: false
 redis:
   address : {{ .Release.Name }}-redis-master:{{ .Values.redis.port }}
   password: {{ .Values.redis.password }}
   db: 0
+otelAddr: localhost:4317
+otelInterval: {{ .Values.otel.interval }}
+otelLongInterval: {{ .Values.otel.LongInterval }}
diff --git a/charts/ssd/config/ssd-ui/app-config.json b/charts/ssd/config/ssd-ui/app-config.json
@@ -6,5 +6,6 @@
     "stageSecurityThresholdMinScore": 50,
     "stageSecurityThresholdMaxScore": 70,
     "dgraphToken": "",
-    "dgraphEndPointUrl": "/graphql"
+    "dgraphEndPointUrl": "/graphql",
+    "prometheusEndPointUrl": "/api/v1/query_range"
 }
diff --git a/charts/ssd/config/ssd-ui/help-text.json b/charts/ssd/config/ssd-ui/help-text.json
@@ -717,6 +717,28 @@
                 }
             }
         },
+        "SYSDIG": {
+            "HEADER": "Sysdig",
+            "BODY": "",
+            "NAME": {
+                "TOOLTIP": "",
+                "VALIDATION_MESSAGE": {
+                    "noSpecialCharacters": "Account Name cannot contain special characters other than -",
+                    "cannotContainSpace": "Account Name cannot contain space",
+                    "required": "Account Name cannot be empty",
+                    "startingFromNumber": "Account Name cannot start with numbers",
+                    "minlength": "Account Name should be more than 2 characters",
+                    "invalidName": "Please choose another account name; User generated account can't be named `default`"
+                }
+            },
+            "URL": {
+                "TOOLTIP": "",
+                "VALIDATION_MESSAGE": {
+                    "required": "URL cannot be empty",
+                    "invalidValue": "URL is invalid"
+                }
+            }
+        },
         "JFROG": {
             "HEADER": "JFrog XRay Scanning",
             "BODY": "<p>JFrog Artifactory is a universal artifact repository manager designed to store, manage, and distribute binaries and artifacts produced during the software development process, including compiled code, libraries, dependencies, Docker images, and more.</p> <div> <p><strong>Usage in SSD</strong></p> <ul> <li>JFrog Artifactory notifies SSD of each pipeline execution. SSD identifies the image for every build and connects to the Artifactory repository to pull the newly built image.</li> <li>SSD then runs security scans on the pulled images. The scan results are available on the Vulnerability Management page and the Artifact section of the DBOM page.</li> <li>JFrog Artifactory helps collect metadata such as Artifact SHA for artifact integrity checks, ensuring security in the supply chain. This information is populated in the DBOM page for audit purposes.</li> </ul> </div>",

diff --git a/charts/ssd/config/ssd-ui/insights-config.json b/charts/ssd/config/ssd-ui/insights-config.json
@@ -0,0 +1,52 @@
+{
+    "insightsConfigData": [
+        {
+            "chartType": "line",
+            "metricName": "Scan wise - Active scans count",
+            "query": "ssd_aggregate_active_workflows{k8s_namespace_name=\"{{ .Release.Namespace}}\"}",
+            "plotAxisName": "ssd_workflow_type"
+        },
+        {
+            "chartType": "line",
+            "metricName": "Scan wise - Scans completed per second",
+            "query": "rate(ssd_aggregate_executed_workflows_total{k8s_namespace_name=\"{{ .Release.Namespace}}\"}[5m])",
+            "plotAxisName": "ssd_workflow_type"
+        },
+        {
+            "chartType": "line",
+            "metricName": "Scan wise - Scans failed per second",
+            "query": "rate(ssd_aggregate_failed_wrokflows_total{k8s_namespace_name=\"{{ .Release.Namespace}}\"}[5m])",
+            "plotAxisName": "ssd_workflow_type"
+        },
+        {
+            "chartType": "area",
+            "metricName": "Source Code Repositories Scanned - Active count",
+            "query": "ssd_aggregate_source_code_repo_scan_active{k8s_namespace_name=\"{{ .Release.Namespace}}\"}",
+            "plotAxisName": ""
+        },
+        {
+            "chartType": "line",
+            "metricName": "Source Code Repositories Scanned - Completed per second",
+            "query": "rate(ssd_aggregate_source_code_repo_scan_executed_total{k8s_namespace_name=\"{{ .Release.Namespace}}\"}[5m])",
+            "plotAxisName": ""
+        },
+        {
+            "chartType": "line",
+            "metricName": "Source Code Repositories Scanned - Failed per second",
+            "query": "rate(ssd_aggregate_source_code_repo_scan_failed_total{k8s_namespace_name=\"{{ .Release.Namespace}}\"}[5m])",
+            "plotAxisName": ""
+        },
+        {
+            "chartType": "line",
+            "metricName": "Number of new repositories discovered",
+            "query": "ssd_aggregate_new_repo_discovered{k8s_namespace_name=\"{{ .Release.Namespace}}\"}",
+            "plotAxisName": ""
+        },
+        {
+            "chartType": "area",
+            "metricName": "CI/Build Events Received per Second",
+            "query": "rate(ssd_aggregate_ci_events_triggered_total{k8s_namespace_name=\"{{ .Release.Namespace}}\"}[5m])",
+            "plotAxisName": ""
+        }
+    ]
+}
diff --git a/charts/ssd/config/ssd-ui/integrators-config.json b/charts/ssd/config/ssd-ui/integrators-config.json
@@ -595,6 +595,17 @@
                             "helpText": "Options",
                             "placeholderText": ""
                         },
+                        "cimonitoring": {
+                            "displayName": "CI Monitoring",
+                            "dataType": "toggle",
+                            "default": "inactive",
+                            "featureConfig": true,
+                            "requiredKey": "sastsnykscan",
+                            "requiredValue": "Cloud Mode",
+                            "required": false,
+                            "helpText": "Options",
+                            "placeholderText": "----------"
+                        },
                         "token": {
                             "displayName": "Token",
                             "dataType": "input",
@@ -1832,6 +1843,82 @@
                         }
                     ]
                 },
+                {
+                    "integratorType": "sysdig",
+                    "displayName": "Sysdig",
+                    "category": "scanningtool",
+                    "multiSupport": true,
+                    "testConnectionFlag": true,
+                    "deleteAccount": true,
+                    "integratorConfigs": {
+                        "name": {
+                            "displayName": "Account Name",
+                            "dataType": "input",
+                            "required": true,
+                            "helpText": "",
+                            "placeholderText": "opsmx-accountname"
+                        },
+                        "url": {
+                            "dataType": "input",
+                            "displayName": "URL",
+                            "helpText": "URL",
+                            "regexpValue": "^(?:https?:\/\/|s?ftps?:\/\/)?(?!www | www\\.)[A-Za-z0-9_-]+\\.+[A-Za-z0-9.\/%&=\\?_:;-]+$|https?:\/\/(?:w{1,3}\\.)?[^\\s.]+(?:\\.[a-z]+)*(?::\\d+)?(?![^<]*(?:<\/\\w+>|\/?>))",
+                            "placeholderText": "Example:https://site.com",
+                            "required": true,
+                            "encrypt": false
+                        },
+                        "token": {
+                            "displayName": "Token",
+                            "dataType": "input",
+                            "required": true,
+                            "encrypt": true,
+                            "helpText": "Authentiation Type",
+                            "placeholderText": "Example:knjnasjwokldjhse"
+                        }
+                    },
+                    "gridConfigs": [
+                        {
+                            "name": "Account Name",
+                            "prop": "name",
+                            "type": "default",
+                            "width": 160,
+                            "sortable": false,
+                            "defatultVisibility": true
+                        },
+                        {
+                            "name": "Url",
+                            "prop": "url",
+                            "type": "default",
+                            "width": 160,
+                            "sortable": false,
+                            "defatultVisibility": true
+                        },
+                        {
+                            "name": "Team",
+                            "prop": "team",
+                            "type": "chipSet",
+                            "width": 130,
+                            "sortable": false,
+                            "defatultVisibility": true
+                        },
+                        {
+                            "name": "Environment",
+                            "prop": "environments",
+                            "type": "chipSet",
+                            "width": 130,
+                            "sortable": false,
+                            "defatultVisibility": true
+                        },
+                        {
+                            "name": "Status",
+                            "prop": "status",
+                            "type": "toggleSwitch",
+                            "width": 80,
+                            "sortable": false,
+                            "defatultVisibility": true
+                        }
+                    ]
+                },
                 {
                     "integratorType": "syft",
                     "displayName": "Syft (CMD)",