
Add observability metrics to all report types

What does this MR do?

Add a new observability.events property to scan. This gives CI-based analyzers the ability to track events via the GitLab internal events API by adding them to the security report. Events can contain any number of additional properties for the collection of metrics. The events will be tracked during security report processing in the monolith.

There are three fixed named properties which are specifically defined in the schema changes -- property, label, and value. Additional properties are allowed and will get added to the event tracking request. This is a recent change for internal event tracking.

Example usage:

{
  "scan": {
    "observability": {
      "events": [
        {
          # Name of the event
          "event": "api_security",
          # Following 3 properties are columns in the data warehouse;
          # they should be used for primary join/filtering
          "property": "scan_uuid", # Allows joining across events
          "label": "openapi|graphql_schema|postman|graphql|har",
          "value": 60, # length of scan in minutes
          # Custom properties stored in a JSON column in the data warehouse
          "version": "5.5.5",
          "version_major": 5,
          "operations": 10, # How many API operations we are scanning
          "per-request-script": true,
          "overrides-command": true,
          "status": "completed|failed",
          "content-type": "mixed|graphql|json|xml|soap"
        },
        {
          # This event can be joined via the scan_uuid
          "event": "api_security_cwe_92",
          "property": "scan_uuid",
          "label": "graphql",
          "value": 5, # count of vulnerabilities
          "parameters": 20 # number of parameters check ran on
        }
      ]
    }
  }
}

What are the relevant issue numbers?

Checklist

Related to gitlab-org/gitlab#473108 (closed)

Edited by Michael Eddington
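The following is an added example, not code from this MR or from GitLab: a small Python validator for the `scan.observability.events` array described above, written from the point of view of the report processor, which treats the report as untrusted analyzer output. It keeps the four fixed fields (`event`, `property`, `label`, `value`) apart from the additional properties that would go into the JSON column, and groups events by `property` (the scan_uuid join key). The size limits, the scalar-only rule for additional properties, the helper names, and the sample report (including its UUID) are assumptions constructed for this example and are not part of the schema change.

```python
"""Validate and normalize scan.observability.events from a security report.

Added example, not GitLab's code. The fixed columns `event`, `property`,
`label` and `value` follow the MR description; the limits below and the
scalar-only rule for additional properties are assumptions made here.
"""
import json
from collections import defaultdict

FIXED_KEYS = ("event", "property", "label", "value")
MAX_EVENTS = 50            # assumption: bound the work done per report
MAX_EXTRA_PROPERTIES = 32  # assumption: bound the size of the JSON column
MAX_STRING_LEN = 255       # assumption: bound string column sizes

# Constructed sample data (not from a real scan); the UUID is made up.
SCAN_UUID = "0d0e2d48-0f1c-4d9a-9c8f-1a2b3c4d5e6f"
SAMPLE_REPORT = json.dumps({
    "scan": {"observability": {"events": [
        {"event": "api_security", "property": SCAN_UUID,
         "label": "openapi", "value": 60,
         "version": "5.5.5", "version_major": 5, "operations": 10,
         "per-request-script": True, "status": "completed"},
        {"event": "api_security_cwe_92", "property": SCAN_UUID,
         "label": "graphql", "value": 5, "parameters": 20},
    ]}}
})


class ObservabilityEventError(ValueError):
    """Raised when an event does not have the expected shape."""


def _check_str(name, val):
    if not isinstance(val, str) or not val or len(val) > MAX_STRING_LEN:
        raise ObservabilityEventError(
            f"{name} must be a non-empty string of at most {MAX_STRING_LEN} chars")


def normalize_event(raw):
    """Split one raw event into the fixed columns and additional properties."""
    if not isinstance(raw, dict):
        raise ObservabilityEventError("event must be an object")
    _check_str("event", raw.get("event"))
    fixed = {"event": raw["event"], "property": None, "label": None, "value": None}
    for key in ("property", "label"):
        if key in raw:
            _check_str(key, raw[key])
            fixed[key] = raw[key]
    if "value" in raw:
        val = raw["value"]
        # bool is a subclass of int in Python, so reject it explicitly
        if isinstance(val, bool) or not isinstance(val, (int, float)):
            raise ObservabilityEventError("value must be numeric")
        fixed["value"] = val
    # Everything that is not a fixed column goes to the JSON column.
    extra = {k: v for k, v in raw.items() if k not in FIXED_KEYS}
    if len(extra) > MAX_EXTRA_PROPERTIES:
        raise ObservabilityEventError("too many additional properties")
    for key, val in extra.items():
        _check_str("additional property name", key)
        if val is not None and not isinstance(val, (str, int, float, bool)):
            raise ObservabilityEventError(f"additional property {key!r} must be a scalar")
        if isinstance(val, str) and len(val) > MAX_STRING_LEN:
            raise ObservabilityEventError(f"additional property {key!r} is too long")
    fixed["additional_properties"] = extra
    return fixed


def is_valid_event(raw):
    """True if normalize_event accepts the raw event, False otherwise."""
    try:
        normalize_event(raw)
        return True
    except ObservabilityEventError:
        return False


def extract_events(report_json):
    """Parse a report document and return its normalized observability events."""
    report = json.loads(report_json)
    scan = report.get("scan") if isinstance(report, dict) else None
    obs = scan.get("observability") if isinstance(scan, dict) else None
    events = obs.get("events", []) if isinstance(obs, dict) else []
    if not isinstance(events, list):
        raise ObservabilityEventError("observability.events must be an array")
    if len(events) > MAX_EVENTS:
        raise ObservabilityEventError("too many observability events")
    return [normalize_event(ev) for ev in events]


def group_by_scan(events):
    """Group event names by their `property`, the scan_uuid used for joins."""
    groups = defaultdict(list)
    for ev in events:
        groups[ev["property"]].append(ev["event"])
    return dict(groups)


if __name__ == "__main__":
    for ev in extract_events(SAMPLE_REPORT):
        print(ev)
    print(group_by_scan(extract_events(SAMPLE_REPORT)))
```

Rejecting nested objects and bools-as-numbers is the kind of check a processor should make before forwarding analyzer-supplied properties into a tracking request, because the report is produced by a job the project controls, not by the platform.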
