From 5c03ea78817a76e5f658a2c922f28637fb409ac9 Mon Sep 17 00:00:00 2001
From: dwalker-sabiogroup
 <100362969+dwalker-sabiogroup@users.noreply.github.com>
Date: Sat, 3 Aug 2024 13:21:18 +0100
Subject: [PATCH 1/8] fix: high cardinality policy_violations metrics (#1)

* fix: high cardinality policy_violations metrics

The exporter initialises all possible labels of dependency_track_project_policy_violations
metrics which adds 72 metrics for each project.

https://github.com/jetstack/dependency-track-exporter/issues/53 has details of the rational but there are usecases where
it is desirable to only have non-zero values of the metrics available.

This change adds a new argument that enables only non-zero value metrics to be returned.
This flag defaults to the current behaviour so is an opt in feature.

* docs: add flag to readme
---
 README.md                     |  2 ++
 internal/exporter/exporter.go | 51 ++++++++++++++++++-----------------
 main.go                       | 21 ++++++++-------
 3 files changed, 41 insertions(+), 33 deletions(-)

diff --git a/README.md b/README.md
index 04945d0..5d2f780 100644
--- a/README.md
+++ b/README.md
@@ -18,6 +18,8 @@ Flags:
                             Dependency-Track server address (default: http://localhost:8080 or $DEPENDENCY_TRACK_ADDR)
       --dtrack.api-key=DTRACK.API-KEY
                             Dependency-Track API key (default: $DEPENDENCY_TRACK_API_KEY)
+      --[no-]exporter.reduce-policy-cardinality  
+                            Initialize all policy_violations metric label values (can also be set with $EXPORTER_REDUCE_POLICY_CARDINALITY)
       --log.level=info      Only log messages with the given severity or above. One of: [debug, info, warn, error]
       --log.format=logfmt   Output format of log messages. One of: [logfmt, json]
       --version             Show application version.
diff --git a/internal/exporter/exporter.go b/internal/exporter/exporter.go
index a84775a..8e0e33f 100644
--- a/internal/exporter/exporter.go
+++ b/internal/exporter/exporter.go
@@ -20,8 +20,9 @@ const (
 
 // Exporter exports metrics from a Dependency-Track server
 type Exporter struct {
-	Client *dtrack.Client
-	Logger log.Logger
+	Client                  *dtrack.Client
+	Logger                  log.Logger
+	ReducePolicyCardinality bool
 }
 
 // HandlerFunc handles requests to /metrics
@@ -235,28 +236,30 @@ func (e *Exporter) collectProjectMetrics(ctx context.Context, registry *promethe
 
 		// Initialize all the possible violation series with a 0 value so that it
 		// properly records increments from 0 -> 1
-		for _, possibleType := range []string{"LICENSE", "OPERATIONAL", "SECURITY"} {
-			for _, possibleState := range []string{"INFO", "WARN", "FAIL"} {
-				for _, possibleAnalysis := range []dtrack.ViolationAnalysisState{
-					dtrack.ViolationAnalysisStateApproved,
-					dtrack.ViolationAnalysisStateRejected,
-					dtrack.ViolationAnalysisStateNotSet,
-					// If there isn't any analysis for a policy
-					// violation then the value in the UI is
-					// actually empty. So let's represent that in
-					// these metrics as a possible analysis state.
-					"",
-				} {
-					for _, possibleSuppressed := range []string{"true", "false"} {
-						policyViolations.With(prometheus.Labels{
-							"uuid":       project.UUID.String(),
-							"name":       project.Name,
-							"version":    project.Version,
-							"type":       possibleType,
-							"state":      possibleState,
-							"analysis":   string(possibleAnalysis),
-							"suppressed": possibleSuppressed,
-						})
+		if e.ReducePolicyCardinality {
+			for _, possibleType := range []string{"LICENSE", "OPERATIONAL", "SECURITY"} {
+				for _, possibleState := range []string{"INFO", "WARN", "FAIL"} {
+					for _, possibleAnalysis := range []dtrack.ViolationAnalysisState{
+						dtrack.ViolationAnalysisStateApproved,
+						dtrack.ViolationAnalysisStateRejected,
+						dtrack.ViolationAnalysisStateNotSet,
+						// If there isn't any analysis for a policy
+						// violation then the value in the UI is
+						// actually empty. So let's represent that in
+						// these metrics as a possible analysis state.
+						"",
+					} {
+						for _, possibleSuppressed := range []string{"true", "false"} {
+							policyViolations.With(prometheus.Labels{
+								"uuid":       project.UUID.String(),
+								"name":       project.Name,
+								"version":    project.Version,
+								"type":       possibleType,
+								"state":      possibleState,
+								"analysis":   string(possibleAnalysis),
+								"suppressed": possibleSuppressed,
+							})
+						}
 					}
 				}
 			}
diff --git a/main.go b/main.go
index e36cf54..b0760cb 100644
--- a/main.go
+++ b/main.go
@@ -20,8 +20,9 @@ import (
 )
 
 const (
-	envAddress string = "DEPENDENCY_TRACK_ADDR"
-	envAPIKey  string = "DEPENDENCY_TRACK_API_KEY"
+	envAddress                         string = "DEPENDENCY_TRACK_ADDR"
+	envAPIKey                          string = "DEPENDENCY_TRACK_API_KEY"
+	envExporterReducePolicyCardinality string = "EXPORTER_REDUCE_POLICY_CARDINALITY"
 )
 
 func init() {
@@ -30,11 +31,12 @@ func init() {
 
 func main() {
 	var (
-		webConfig     = webflag.AddFlags(kingpin.CommandLine, ":9916")
-		metricsPath   = kingpin.Flag("web.metrics-path", "Path under which to expose metrics").Default("/metrics").String()
-		dtAddress     = kingpin.Flag("dtrack.address", fmt.Sprintf("Dependency-Track server address (can also be set with $%s)", envAddress)).Default("http://localhost:8080").Envar(envAddress).String()
-		dtAPIKey      = kingpin.Flag("dtrack.api-key", fmt.Sprintf("Dependency-Track API key (can also be set with $%s)", envAPIKey)).Envar(envAPIKey).Required().String()
-		promlogConfig = promlog.Config{}
+		webConfig                       = webflag.AddFlags(kingpin.CommandLine, ":9916")
+		metricsPath                     = kingpin.Flag("web.metrics-path", "Path under which to expose metrics").Default("/metrics").String()
+		dtAddress                       = kingpin.Flag("dtrack.address", fmt.Sprintf("Dependency-Track server address (can also be set with $%s)", envAddress)).Default("http://localhost:8080").Envar(envAddress).String()
+		dtAPIKey                        = kingpin.Flag("dtrack.api-key", fmt.Sprintf("Dependency-Track API key (can also be set with $%s)", envAPIKey)).Envar(envAPIKey).Required().String()
+		exporterReducePolicyCardinality = kingpin.Flag("exporter.reduce-policy-cardinality", fmt.Sprintf("Initialize all policy_violations metric label values (can also be set with $%s)", envExporterReducePolicyCardinality)).Envar(envExporterReducePolicyCardinality).Default("true").Bool()
+		promlogConfig                   = promlog.Config{}
 	)
 
 	flag.AddFlags(kingpin.CommandLine, &promlogConfig)
@@ -54,8 +56,9 @@ func main() {
 	}
 
 	e := exporter.Exporter{
-		Client: c,
-		Logger: logger,
+		Client:                  c,
+		Logger:                  logger,
+		ReducePolicyCardinality: *exporterReducePolicyCardinality,
 	}
 
 	http.HandleFunc(*metricsPath, e.HandlerFunc())

From 6c42902664c4ebc7d49aaff7ce3800eacaa81c39 Mon Sep 17 00:00:00 2001
From: dwalker-sabiogroup
 <100362969+dwalker-sabiogroup@users.noreply.github.com>
Date: Sat, 3 Aug 2024 13:52:03 +0100
Subject: [PATCH 2/8] fix: imports (#2)

* fix: imports

* fix: invalid goreleaser args

* fix: invalid goreleaser args

* fix: invalid goreleaser args
---
 .github/workflows/release.yaml        |  2 +-
 .github/workflows/test-and-build.yaml |  2 +-
 .goreleaser.yaml                      | 18 +++++++++---------
 go.mod                                |  2 +-
 main.go                               |  2 +-
 5 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 59b226a..36ad34b 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -37,6 +37,6 @@ jobs:
       - name: Run GoReleaser
         uses: goreleaser/goreleaser-action@336e29918d653399e599bfca99fadc1d7ffbc9f7
         with:
-          args: release --rm-dist
+          args: release 
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/test-and-build.yaml b/.github/workflows/test-and-build.yaml
index 1ef372f..98bb9e3 100644
--- a/.github/workflows/test-and-build.yaml
+++ b/.github/workflows/test-and-build.yaml
@@ -43,6 +43,6 @@ jobs:
       - name: Run GoReleaser
         uses: goreleaser/goreleaser-action@336e29918d653399e599bfca99fadc1d7ffbc9f7
         with:
-          args: --snapshot --skip-sign --skip-validate --skip-publish --rm-dist
+          args: --snapshot --skip validate
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index 0284f0e..4913425 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -21,11 +21,11 @@ builds:
       -X github.com/prometheus/common/version.BuildDate={{.Date}}
 release:
   github:
-    owner: jetstack
+    owner: dwalker-sabiogroup
     name: dependency-track-exporter
 dockers:
   - image_templates:
-      - "ghcr.io/jetstack/dependency-track-exporter:{{.Version}}-amd64"
+      - "ghcr.io/dwalker-sabiogroup/dependency-track-exporter:{{.Version}}-amd64"
     dockerfile: Dockerfile.goreleaser
     use: buildx
     build_flag_templates:
@@ -37,7 +37,7 @@ dockers:
       - "--label=org.opencontainers.image.source={{.GitURL}}"
       - "--platform=linux/amd64"
   - image_templates:
-      - "ghcr.io/jetstack/dependency-track-exporter:{{.Version}}-arm64"
+      - "ghcr.io/dwalker-sabiogroup/dependency-track-exporter:{{.Version}}-arm64"
     dockerfile: Dockerfile.goreleaser
     use: buildx
     build_flag_templates:
@@ -50,11 +50,11 @@ dockers:
       - "--platform=linux/arm64"
     goarch: arm64
 docker_manifests:
-  - name_template: "ghcr.io/jetstack/dependency-track-exporter:{{.Version}}"
+  - name_template: "ghcr.io/dwalker-sabiogroup/dependency-track-exporter:{{.Version}}"
     image_templates:
-      - "ghcr.io/jetstack/dependency-track-exporter:{{.Version}}-amd64"
-      - "ghcr.io/jetstack/dependency-track-exporter:{{.Version}}-arm64"
-  - name_template: "ghcr.io/jetstack/dependency-track-exporter:latest"
+      - "ghcr.io/dwalker-sabiogroup/dependency-track-exporter:{{.Version}}-amd64"
+      - "ghcr.io/dwalker-sabiogroup/dependency-track-exporter:{{.Version}}-arm64"
+  - name_template: "ghcr.io/dwalker-sabiogroup/dependency-track-exporter:latest"
     image_templates:
-      - "ghcr.io/jetstack/dependency-track-exporter:{{.Version}}-amd64"
-      - "ghcr.io/jetstack/dependency-track-exporter:{{.Version}}-arm64"
+      - "ghcr.io/dwalker-sabiogroup/dependency-track-exporter:{{.Version}}-amd64"
+      - "ghcr.io/dwalker-sabiogroup/dependency-track-exporter:{{.Version}}-arm64"
diff --git a/go.mod b/go.mod
index cd9f84a..24bd6c0 100644
--- a/go.mod
+++ b/go.mod
@@ -1,4 +1,4 @@
-module github.com/jetstack/dependency-track-exporter
+module github.com/dwalker-sabiogroup/dependency-track-exporter
 
 go 1.20
 
diff --git a/main.go b/main.go
index b0760cb..810db50 100644
--- a/main.go
+++ b/main.go
@@ -9,8 +9,8 @@ import (
 
 	dtrack "github.com/DependencyTrack/client-go"
 	"github.com/alecthomas/kingpin/v2"
+	"github.com/dwalker-sabiogroup/dependency-track-exporter/internal/exporter"
 	"github.com/go-kit/log/level"
-	"github.com/jetstack/dependency-track-exporter/internal/exporter"
 	"github.com/prometheus/client_golang/prometheus"
 	"github.com/prometheus/common/promlog"
 	"github.com/prometheus/common/promlog/flag"

From 6bde4b54f8e35d4c66c8e48bf01494c13504abf9 Mon Sep 17 00:00:00 2001
From: dwalker-sabiogroup
 <100362969+dwalker-sabiogroup@users.noreply.github.com>
Date: Sat, 3 Aug 2024 14:32:19 +0100
Subject: [PATCH 3/8] chore: update all dependencies (#3)

---
 .github/workflows/release.yaml        |  12 +--
 .github/workflows/test-and-build.yaml |  14 +--
 go.mod                                |  45 +++++-----
 go.sum                                | 117 ++++++++++++--------------
 internal/exporter/exporter.go         |   2 +-
 main.go                               |   3 +-
 6 files changed, 92 insertions(+), 101 deletions(-)

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 36ad34b..71596fb 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -12,7 +12,7 @@ jobs:
       contents: write
     steps:
       - name: Checkout
-        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
@@ -20,22 +20,22 @@ jobs:
         run: git fetch --force --tags
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7
+        uses: docker/setup-qemu-action@v3
 
       - name: Login to ghcr.io
-        uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Set up Go
-        uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753
+        uses: actions/setup-go@v5
         with:
-          go-version: "1.20.x"
+          go-version-file: 'go.mod'
 
       - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@336e29918d653399e599bfca99fadc1d7ffbc9f7
+        uses: goreleaser/goreleaser-action@v6
         with:
           args: release 
         env:
diff --git a/.github/workflows/test-and-build.yaml b/.github/workflows/test-and-build.yaml
index 98bb9e3..67ea2ed 100644
--- a/.github/workflows/test-and-build.yaml
+++ b/.github/workflows/test-and-build.yaml
@@ -10,15 +10,15 @@ jobs:
       contents: read
     steps:
       - name: Checkout
-        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
+        uses: actions/checkout@v4
 
       - name: Unshallow
         run: git fetch --prune --unshallow
 
       - name: Set up Go
-        uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753
+        uses: actions/setup-go@v5
         with:
-          go-version: "1.20.x"
+          go-version-file: 'go.mod'
 
       - name: Test
         run: go test -short -v ./...
@@ -30,18 +30,18 @@ jobs:
       packages: write
     steps:
       - name: Checkout
-        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
+        uses: actions/checkout@v4
 
       - name: Unshallow
         run: git fetch --prune --unshallow
 
       - name: Set up Go
-        uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753
+        uses: actions/setup-go@v5
         with:
-          go-version: "1.20.x"
+          go-version-file: 'go.mod'
 
       - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@336e29918d653399e599bfca99fadc1d7ffbc9f7
+        uses: goreleaser/goreleaser-action@v6
         with:
           args: --snapshot --skip validate
         env:
diff --git a/go.mod b/go.mod
index 24bd6c0..84c2844 100644
--- a/go.mod
+++ b/go.mod
@@ -1,39 +1,36 @@
 module github.com/dwalker-sabiogroup/dependency-track-exporter
 
-go 1.20
+go 1.22
 
 require (
-	github.com/DependencyTrack/client-go v0.11.0
-	github.com/alecthomas/kingpin/v2 v2.3.2
+	github.com/DependencyTrack/client-go v0.13.0
+	github.com/alecthomas/kingpin/v2 v2.4.0
 	github.com/go-kit/log v0.2.1
-	github.com/google/go-cmp v0.5.9
-	github.com/google/uuid v1.3.0
-	github.com/prometheus/client_golang v1.16.0
-	github.com/prometheus/common v0.44.0
-	github.com/prometheus/exporter-toolkit v0.10.0
+	github.com/google/go-cmp v0.6.0
+	github.com/google/uuid v1.6.0
+	github.com/prometheus/client_golang v1.19.1
+	github.com/prometheus/common v0.55.0
+	github.com/prometheus/exporter-toolkit v0.11.0
 )
 
 require (
-	github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137 // indirect
+	github.com/alecthomas/units v0.0.0-20240626203959-61d1e3462e30 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
-	github.com/cespare/xxhash/v2 v2.2.0 // indirect
+	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/coreos/go-systemd/v22 v22.5.0 // indirect
-	github.com/go-logfmt/logfmt v0.5.1 // indirect
-	github.com/golang/protobuf v1.5.3 // indirect
+	github.com/go-logfmt/logfmt v0.6.0 // indirect
 	github.com/jpillora/backoff v1.0.0 // indirect
-	github.com/kr/text v0.2.0 // indirect
-	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
+	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f // indirect
-	github.com/prometheus/client_model v0.4.0 // indirect
-	github.com/prometheus/procfs v0.10.1 // indirect
+	github.com/prometheus/client_model v0.6.1 // indirect
+	github.com/prometheus/procfs v0.15.1 // indirect
 	github.com/xhit/go-str2duration/v2 v2.1.0 // indirect
-	golang.org/x/crypto v0.8.0 // indirect
-	golang.org/x/net v0.10.0 // indirect
-	golang.org/x/oauth2 v0.8.0 // indirect
-	golang.org/x/sync v0.2.0 // indirect
-	golang.org/x/sys v0.8.0 // indirect
-	golang.org/x/text v0.9.0 // indirect
-	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/protobuf v1.30.0 // indirect
+	golang.org/x/crypto v0.25.0 // indirect
+	golang.org/x/net v0.27.0 // indirect
+	golang.org/x/oauth2 v0.21.0 // indirect
+	golang.org/x/sync v0.7.0 // indirect
+	golang.org/x/sys v0.22.0 // indirect
+	golang.org/x/text v0.16.0 // indirect
+	google.golang.org/protobuf v1.34.2 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 )
diff --git a/go.sum b/go.sum
index debdaae..129fa34 100644
--- a/go.sum
+++ b/go.sum
@@ -1,90 +1,83 @@
-github.com/DependencyTrack/client-go v0.11.0 h1:1g+eHC8nJyIzi68zcs+dr3OHRvS1aC+4Uy3YKA0JJhc=
-github.com/DependencyTrack/client-go v0.11.0/go.mod h1:XLZnOksOs56Svq+K4xmBkN8U97gpP7r1BkhCc/xA8Iw=
-github.com/alecthomas/kingpin/v2 v2.3.2 h1:H0aULhgmSzN8xQ3nX1uxtdlTHYoPLu5AhHxWrKI6ocU=
-github.com/alecthomas/kingpin/v2 v2.3.2/go.mod h1:0gyi0zQnjuFk8xrkNKamJoyUo382HRL7ATRpFZCw6tE=
-github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137 h1:s6gZFSlWYmbqAuRjVTiNNhvNRfY2Wxp9nhfyel4rklc=
-github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137/go.mod h1:OMCwj8VM1Kc9e19TLln2VL61YJF0x1XFtfdL4JdbSyE=
+github.com/DependencyTrack/client-go v0.13.0 h1:w2TvudrBbgBtS2oMbisfo9Av4rJnS1g9VsdCpZ6PU/8=
+github.com/DependencyTrack/client-go v0.13.0/go.mod h1:XLZnOksOs56Svq+K4xmBkN8U97gpP7r1BkhCc/xA8Iw=
+github.com/alecthomas/kingpin/v2 v2.4.0 h1:f48lwail6p8zpO1bC4TxtqACaGqHYA22qkHjHpqDjYY=
+github.com/alecthomas/kingpin/v2 v2.4.0/go.mod h1:0gyi0zQnjuFk8xrkNKamJoyUo382HRL7ATRpFZCw6tE=
+github.com/alecthomas/units v0.0.0-20240626203959-61d1e3462e30 h1:t3eaIm0rUkzbrIewtiFmMK5RXHej2XnoXNhxVsAYUfg=
+github.com/alecthomas/units v0.0.0-20240626203959-61d1e3462e30/go.mod h1:fvzegU4vN3H1qMT+8wDmzjAcDONcgo2/SZ/TyfdUOFs=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
-github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
-github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
+github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs=
 github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
-github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/go-kit/log v0.2.1 h1:MRVx0/zhvdseW+Gza6N9rVzU/IVzaeE1SFI4raAhmBU=
 github.com/go-kit/log v0.2.1/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0=
-github.com/go-logfmt/logfmt v0.5.1 h1:otpy5pqBCBZ1ng9RQ0dPu4PN7ba75Y/aA+UpowDyNVA=
-github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs=
+github.com/go-logfmt/logfmt v0.6.0 h1:wGYYu3uicYdqXVgoYbvnkrPVXkuLM1p1ifugDMEdRi4=
+github.com/go-logfmt/logfmt v0.6.0/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
-github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
-github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
-github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
-github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
-github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
-github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/jarcoal/httpmock v1.3.0 h1:2RJ8GP0IIaWwcC9Fp2BmVi8Kog3v2Hn7VXM3fTd+nuc=
+github.com/jarcoal/httpmock v1.3.0/go.mod h1:3yb8rc4BI7TCBhFY8ng0gjuLKJNquuDNiPaZjnENuYg=
 github.com/jpillora/backoff v1.0.0 h1:uvFg412JmmHBHw7iwprIxkPMI+sGQ4kzOWsMeHnm2EA=
 github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
+github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo=
-github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
+github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
+github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f h1:KUppIJq7/+SVif2QVs3tOP0zanoHgBEVAwHxUSIzRqU=
 github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/prometheus/client_golang v1.16.0 h1:yk/hx9hDbrGHovbci4BY+pRMfSuuat626eFsHb7tmT8=
-github.com/prometheus/client_golang v1.16.0/go.mod h1:Zsulrv/L9oM40tJ7T815tM89lFEugiJ9HzIqaAx4LKc=
-github.com/prometheus/client_model v0.4.0 h1:5lQXD3cAg1OXBf4Wq03gTrXHeaV0TQvGfUooCfx1yqY=
-github.com/prometheus/client_model v0.4.0/go.mod h1:oMQmHW1/JoDwqLtg57MGgP/Fb1CJEYF2imWWhWtMkYU=
-github.com/prometheus/common v0.44.0 h1:+5BrQJwiBB9xsMygAB3TNvpQKOwlkc25LbISbrdOOfY=
-github.com/prometheus/common v0.44.0/go.mod h1:ofAIvZbQ1e/nugmZGz4/qCb9Ap1VoSTIO7x0VV9VvuY=
-github.com/prometheus/exporter-toolkit v0.10.0 h1:yOAzZTi4M22ZzVxD+fhy1URTuNRj/36uQJJ5S8IPza8=
-github.com/prometheus/exporter-toolkit v0.10.0/go.mod h1:+sVFzuvV5JDyw+Ih6p3zFxZNVnKQa3x5qPmDSiPu4ZY=
-github.com/prometheus/procfs v0.10.1 h1:kYK1Va/YMlutzCGazswoHKo//tZVlFpKYh+PymziUAg=
-github.com/prometheus/procfs v0.10.1/go.mod h1:nwNm2aOCAYw8uTR/9bWRREkZFxAUcWzPHWJq+XBB/FM=
+github.com/prometheus/client_golang v1.19.1 h1:wZWJDwK+NameRJuPGDhlnFgx8e8HN3XHQeLaYJFJBOE=
+github.com/prometheus/client_golang v1.19.1/go.mod h1:mP78NwGzrVks5S2H6ab8+ZZGJLZUq1hoULYBAYBw1Ho=
+github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E=
+github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY=
+github.com/prometheus/common v0.55.0 h1:KEi6DK7lXW/m7Ig5i47x0vRzuBsHuvJdi5ee6Y3G1dc=
+github.com/prometheus/common v0.55.0/go.mod h1:2SECS4xJG1kd8XF9IcM1gMX6510RAEL65zxzNImwdc8=
+github.com/prometheus/exporter-toolkit v0.11.0 h1:yNTsuZ0aNCNFQ3aFTD2uhPOvr4iD7fdBvKPAEGkNf+g=
+github.com/prometheus/exporter-toolkit v0.11.0/go.mod h1:BVnENhnNecpwoTLiABx7mrPB/OLRIgN74qlQbV+FK1Q=
+github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc=
+github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk=
 github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
+github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
-github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
+github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
+github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/xhit/go-str2duration/v2 v2.1.0 h1:lxklc02Drh6ynqX+DdPyp5pCKLUQpRT8bp8Ydu2Bstc=
 github.com/xhit/go-str2duration/v2 v2.1.0/go.mod h1:ohY8p+0f07DiV6Em5LKB0s2YpLtXVyJfNt1+BlmyAsU=
-golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.8.0 h1:pd9TJtTueMTVQXzk8E2XESSMQDj/U7OUu0PqJqPXQjQ=
-golang.org/x/crypto v0.8.0/go.mod h1:mRqEX+O9/h5TFCrQhkgjo2yKi0yYA+9ecGkdQoHrywE=
-golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
-golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M=
-golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
-golang.org/x/oauth2 v0.8.0 h1:6dkIjl3j3LtZ/O3sTgZTMsLKSftL/B8Zgq4huOIIUu8=
-golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE=
-golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.2.0 h1:PUR+T4wwASmuSTYdKjYHI5TD22Wy5ogLU5qZCOLxBrI=
-golang.org/x/sync v0.2.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU=
-golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
-golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE=
-golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
-golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
-google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
-google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng=
-google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30=
+golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M=
+golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys=
+golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE=
+golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs=
+golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
+golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=
+golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI=
+golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4=
+golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
+google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg=
+google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
-gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
diff --git a/internal/exporter/exporter.go b/internal/exporter/exporter.go
index 8e0e33f..e1f3789 100644
--- a/internal/exporter/exporter.go
+++ b/internal/exporter/exporter.go
@@ -285,7 +285,7 @@ func (e *Exporter) collectProjectMetrics(ctx context.Context, registry *promethe
 			"name":       violation.Project.Name,
 			"version":    violation.Project.Version,
 			"type":       violation.Type,
-			"state":      violation.PolicyCondition.Policy.ViolationState,
+			"state":      string(violation.PolicyCondition.Policy.ViolationState),
 			"analysis":   analysisState,
 			"suppressed": suppressed,
 		}).Inc()
diff --git a/main.go b/main.go
index 810db50..8080383 100644
--- a/main.go
+++ b/main.go
@@ -12,6 +12,7 @@ import (
 	"github.com/dwalker-sabiogroup/dependency-track-exporter/internal/exporter"
 	"github.com/go-kit/log/level"
 	"github.com/prometheus/client_golang/prometheus"
+	"github.com/prometheus/client_golang/prometheus/collectors"
 	"github.com/prometheus/common/promlog"
 	"github.com/prometheus/common/promlog/flag"
 	"github.com/prometheus/common/version"
@@ -26,7 +27,7 @@ const (
 )
 
 func init() {
-	prometheus.MustRegister(version.NewCollector(exporter.Namespace + "_exporter"))
+	prometheus.MustRegister(collectors.NewBuildInfoCollector())
 }
 
 func main() {

From c530bb0b8f9ecf85d86618f9cbb36aac071dc88b Mon Sep 17 00:00:00 2001
From: dwalker-sabiogroup
 <100362969+dwalker-sabiogroup@users.noreply.github.com>
Date: Sat, 3 Aug 2024 16:23:09 +0100
Subject: [PATCH 4/8] feat: add observability (#4)

---
 go.mod                        |  9 +++++
 go.sum                        | 19 +++++++++++
 internal/exporter/exporter.go | 11 +++---
 main.go                       | 64 ++++++++++++++++++++++-------------
 4 files changed, 74 insertions(+), 29 deletions(-)

diff --git a/go.mod b/go.mod
index 84c2844..fa916c1 100644
--- a/go.mod
+++ b/go.mod
@@ -18,13 +18,22 @@ require (
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/coreos/go-systemd/v22 v22.5.0 // indirect
+	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/go-logfmt/logfmt v0.6.0 // indirect
+	github.com/go-logr/logr v1.4.2 // indirect
+	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/jpillora/backoff v1.0.0 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f // indirect
 	github.com/prometheus/client_model v0.6.1 // indirect
 	github.com/prometheus/procfs v0.15.1 // indirect
+	github.com/samber/slog-http v1.4.1 // indirect
+	github.com/samber/slog-otel v0.0.0-20240701120852-8150bb781d6a // indirect
 	github.com/xhit/go-str2duration/v2 v2.1.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 // indirect
+	go.opentelemetry.io/otel v1.28.0 // indirect
+	go.opentelemetry.io/otel/metric v1.28.0 // indirect
+	go.opentelemetry.io/otel/trace v1.28.0 // indirect
 	golang.org/x/crypto v0.25.0 // indirect
 	golang.org/x/net v0.27.0 // indirect
 	golang.org/x/oauth2 v0.21.0 // indirect
diff --git a/go.sum b/go.sum
index 129fa34..f435016 100644
--- a/go.sum
+++ b/go.sum
@@ -13,10 +13,17 @@ github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSV
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=
+github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 github.com/go-kit/log v0.2.1 h1:MRVx0/zhvdseW+Gza6N9rVzU/IVzaeE1SFI4raAhmBU=
 github.com/go-kit/log v0.2.1/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0=
 github.com/go-logfmt/logfmt v0.6.0 h1:wGYYu3uicYdqXVgoYbvnkrPVXkuLM1p1ifugDMEdRi4=
 github.com/go-logfmt/logfmt v0.6.0/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs=
+github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
+github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
+github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
@@ -48,6 +55,10 @@ github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0leargg
 github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk=
 github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
 github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog=
+github.com/samber/slog-http v1.4.1 h1:+QdPr43wLrzDwRlo5jHPBkkZwP3Sg0FkNdPvnZ4exUo=
+github.com/samber/slog-http v1.4.1/go.mod h1:n6h4x2ZBeTgLqMKf95EuNlU6mcJF1b/RVLxo1od5+V0=
+github.com/samber/slog-otel v0.0.0-20240701120852-8150bb781d6a h1:jTxxtTkTUft08O2kNOYz21iG0DZbJuaa0r5wEFMJR6Y=
+github.com/samber/slog-otel v0.0.0-20240701120852-8150bb781d6a/go.mod h1:w/QbgLQKaKHzS1corVXOimL+/oVE5r1DTBsRr7wfI24=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
@@ -59,6 +70,14 @@ github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsT
 github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/xhit/go-str2duration/v2 v2.1.0 h1:lxklc02Drh6ynqX+DdPyp5pCKLUQpRT8bp8Ydu2Bstc=
 github.com/xhit/go-str2duration/v2 v2.1.0/go.mod h1:ohY8p+0f07DiV6Em5LKB0s2YpLtXVyJfNt1+BlmyAsU=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 h1:4K4tsIXefpVJtvA/8srF4V4y0akAoPHkIslgAkjixJA=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0/go.mod h1:jjdQuTGVsXV4vSs+CJ2qYDeDPf9yIJV23qlIzBm73Vg=
+go.opentelemetry.io/otel v1.28.0 h1:/SqNcYk+idO0CxKEUOtKQClMK/MimZihKYMruSMViUo=
+go.opentelemetry.io/otel v1.28.0/go.mod h1:q68ijF8Fc8CnMHKyzqL6akLO46ePnjkgfIMIjUIX9z4=
+go.opentelemetry.io/otel/metric v1.28.0 h1:f0HGvSl1KRAU1DLgLGFjrwVyismPlnuU6JD6bOeuA5Q=
+go.opentelemetry.io/otel/metric v1.28.0/go.mod h1:Fb1eVBFZmLVTMb6PPohq3TO9IIhUisDsbJoL/+uQW4s=
+go.opentelemetry.io/otel/trace v1.28.0 h1:GhQ9cUuQGmNDd5BTCP2dAvv75RdMxEfTmYejp+lkx9g=
+go.opentelemetry.io/otel/trace v1.28.0/go.mod h1:jPyXzNPg6da9+38HEwElrQiHlVMTnVfM3/yv2OlIHaI=
 golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30=
 golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M=
 golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys=
diff --git a/internal/exporter/exporter.go b/internal/exporter/exporter.go
index e1f3789..944b7d6 100644
--- a/internal/exporter/exporter.go
+++ b/internal/exporter/exporter.go
@@ -3,12 +3,11 @@ package exporter
 import (
 	"context"
 	"fmt"
+	"log/slog"
 	"net/http"
 	"strconv"
 
 	dtrack "github.com/DependencyTrack/client-go"
-	"github.com/go-kit/log"
-	"github.com/go-kit/log/level"
 	"github.com/prometheus/client_golang/prometheus"
 	"github.com/prometheus/client_golang/prometheus/promhttp"
 )
@@ -21,7 +20,7 @@ const (
 // Exporter exports metrics from a Dependency-Track server
 type Exporter struct {
 	Client                  *dtrack.Client
-	Logger                  log.Logger
+	Logger                  *slog.Logger
 	ReducePolicyCardinality bool
 }
 
@@ -31,13 +30,13 @@ func (e *Exporter) HandlerFunc() http.HandlerFunc {
 		registry := prometheus.NewRegistry()
 
 		if err := e.collectPortfolioMetrics(r.Context(), registry); err != nil {
-			level.Error(e.Logger).Log("err", err)
+			e.Logger.Error("collect portfolio metrics", slog.String("error", err.Error()))
 			http.Error(w, fmt.Sprintf("error: %s", err), http.StatusInternalServerError)
 			return
 		}
 
 		if err := e.collectProjectMetrics(r.Context(), registry); err != nil {
-			level.Error(e.Logger).Log("err", err)
+			e.Logger.Error("collect project metrics", slog.String("error", err.Error()))
 			http.Error(w, fmt.Sprintf("error: %s", err), http.StatusInternalServerError)
 			return
 		}
@@ -236,7 +235,7 @@ func (e *Exporter) collectProjectMetrics(ctx context.Context, registry *promethe
 
 		// Initialize all the possible violation series with a 0 value so that it
 		// properly records increments from 0 -> 1
-		if e.ReducePolicyCardinality {
+		if !e.ReducePolicyCardinality {
 			for _, possibleType := range []string{"LICENSE", "OPERATIONAL", "SECURITY"} {
 				for _, possibleState := range []string{"INFO", "WARN", "FAIL"} {
 					for _, possibleAnalysis := range []dtrack.ViolationAnalysisState{
diff --git a/main.go b/main.go
index 8080383..2f4dc43 100644
--- a/main.go
+++ b/main.go
@@ -2,22 +2,24 @@ package main
 
 import (
 	"fmt"
+	"log/slog"
 	"net/http"
 	"os"
 	"os/signal"
 	"syscall"
 
+	_ "net/http/pprof"
+
 	dtrack "github.com/DependencyTrack/client-go"
 	"github.com/alecthomas/kingpin/v2"
 	"github.com/dwalker-sabiogroup/dependency-track-exporter/internal/exporter"
-	"github.com/go-kit/log/level"
 	"github.com/prometheus/client_golang/prometheus"
 	"github.com/prometheus/client_golang/prometheus/collectors"
 	"github.com/prometheus/common/promlog"
 	"github.com/prometheus/common/promlog/flag"
 	"github.com/prometheus/common/version"
-	"github.com/prometheus/exporter-toolkit/web"
-	webflag "github.com/prometheus/exporter-toolkit/web/kingpinflag"
+	sloghttp "github.com/samber/slog-http"
+	"go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp"
 )
 
 const (
@@ -32,7 +34,7 @@ func init() {
 
 func main() {
 	var (
-		webConfig                       = webflag.AddFlags(kingpin.CommandLine, ":9916")
+		webConfig                       = kingpin.Flag("web.listen-address", "Address to listen on for web interface and telemetry").Default(":9916").String()
 		metricsPath                     = kingpin.Flag("web.metrics-path", "Path under which to expose metrics").Default("/metrics").String()
 		dtAddress                       = kingpin.Flag("dtrack.address", fmt.Sprintf("Dependency-Track server address (can also be set with $%s)", envAddress)).Default("http://localhost:8080").Envar(envAddress).String()
 		dtAPIKey                        = kingpin.Flag("dtrack.api-key", fmt.Sprintf("Dependency-Track API key (can also be set with $%s)", envAPIKey)).Envar(envAPIKey).Required().String()
@@ -45,14 +47,19 @@ func main() {
 	kingpin.HelpFlag.Short('h')
 	kingpin.Parse()
 
-	logger := promlog.New(&promlogConfig)
+	logger := slog.New(slog.NewJSONHandler(os.Stdout, nil))
+
+	config := sloghttp.Config{
+		WithSpanID:  true,
+		WithTraceID: true,
+	}
 
-	level.Info(logger).Log("msg", fmt.Sprintf("Starting %s_exporter %s", exporter.Namespace, version.Info()))
-	level.Info(logger).Log("msg", fmt.Sprintf("Build context %s", version.BuildContext()))
+	logger.Info(fmt.Sprintf("Starting %s_exporter %s", exporter.Namespace, version.Info()))
+	logger.Info("Build context " + version.BuildContext())
 
 	c, err := dtrack.NewClient(*dtAddress, dtrack.WithAPIKey(*dtAPIKey))
 	if err != nil {
-		level.Error(logger).Log("msg", "Error creating client", "err", err)
+		logger.Error("Error creating client", slog.String("error", err.Error()))
 		os.Exit(1)
 	}
 
@@ -62,33 +69,44 @@ func main() {
 		ReducePolicyCardinality: *exporterReducePolicyCardinality,
 	}
 
-	http.HandleFunc(*metricsPath, e.HandlerFunc())
-	http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
-		_, _ = w.Write([]byte(`<html>
-						 <head><title>Dependency-Track Exporter</title></head>
-						 <body>
-						 <h1>Dependency-Track Exporter</h1>
-						 <p><a href='` + *metricsPath + `'>Metrics</a></p>
-						 </body>
-						 </html>`))
-	})
+	mux := http.NewServeMux()
+
+	handler := sloghttp.Recovery(mux)
+	handler = sloghttp.NewWithConfig(logger, config)(handler)
+
+	mux.Handle(*metricsPath, otelhttp.WithRouteTag(*metricsPath, e.HandlerFunc()))
+
+	mux.Handle("/", otelhttp.WithRouteTag("/", http.HandlerFunc(
+		func(w http.ResponseWriter, _ *http.Request) {
+			w.WriteHeader(http.StatusOK)
+		})))
 
 	srvc := make(chan struct{})
 	term := make(chan os.Signal, 1)
 	signal.Notify(term, os.Interrupt, syscall.SIGTERM)
 
 	go func() {
-		srv := &http.Server{}
-		if err := web.ListenAndServe(srv, webConfig, logger); err != http.ErrServerClosed {
-			level.Error(logger).Log("msg", "Error starting HTTP server", "err", err)
-			close(srvc)
+		err := http.ListenAndServe(*webConfig,
+			otelhttp.NewHandler(
+				handler,
+				"server",
+				otelhttp.WithMessageEvents(
+					otelhttp.ReadEvents,
+					otelhttp.WriteEvents,
+				),
+			),
+		)
+
+		if err != nil {
+			logger.Error(err.Error())
 		}
+
 	}()
 
 	for {
 		select {
 		case <-term:
-			level.Info(logger).Log("msg", "Received SIGTERM, exiting gracefully...")
+			logger.Info("Received SIGTERM, exiting gracefully...")
 			os.Exit(0)
 		case <-srvc:
 			os.Exit(1)

From 4c65e353bddcf04e514de23e376c1b85bc59a706 Mon Sep 17 00:00:00 2001
From: dwalker-sabiogroup
 <100362969+dwalker-sabiogroup@users.noreply.github.com>
Date: Sat, 3 Aug 2024 18:12:08 +0100
Subject: [PATCH 5/8] fix: register pprof routes (#5)

---
 main.go | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/main.go b/main.go
index 2f4dc43..c15b8e7 100644
--- a/main.go
+++ b/main.go
@@ -8,7 +8,7 @@ import (
 	"os/signal"
 	"syscall"
 
-	_ "net/http/pprof"
+	"net/http/pprof"
 
 	dtrack "github.com/DependencyTrack/client-go"
 	"github.com/alecthomas/kingpin/v2"
@@ -81,6 +81,12 @@ func main() {
 			w.WriteHeader(http.StatusOK)
 		})))
 
+	mux.Handle("/debug/pprof/profile", otelhttp.WithRouteTag("/debug/pprof/profile", pprof.Handler("profile")))
+	mux.Handle("/debug/pprof/block", otelhttp.WithRouteTag("/debug/pprof/block", pprof.Handler("block")))
+	mux.Handle("/debug/pprof/allocs", otelhttp.WithRouteTag("/debug/pprof/allocs", pprof.Handler("allocs")))
+	mux.Handle("/debug/pprof/goroutine", otelhttp.WithRouteTag("/debug/pprof/goroutine", pprof.Handler("goroutine")))
+	mux.Handle("/debug/pprof/mutex", otelhttp.WithRouteTag("/debug/pprof/mutex", pprof.Handler("mutex")))
+
 	srvc := make(chan struct{})
 	term := make(chan os.Signal, 1)
 	signal.Notify(term, os.Interrupt, syscall.SIGTERM)

From 62184a3f3fd0aef6bc1a56c26209bb5169c8b8a2 Mon Sep 17 00:00:00 2001
From: dwalker-sabiogroup
 <100362969+dwalker-sabiogroup@users.noreply.github.com>
Date: Sat, 3 Aug 2024 22:37:42 +0100
Subject: [PATCH 6/8] fix: add separate listener for profiling (#6)

---
 main.go | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/main.go b/main.go
index c15b8e7..653587b 100644
--- a/main.go
+++ b/main.go
@@ -2,13 +2,14 @@ package main
 
 import (
 	"fmt"
+	"log"
 	"log/slog"
 	"net/http"
 	"os"
 	"os/signal"
 	"syscall"
 
-	"net/http/pprof"
+	_ "net/http/pprof"
 
 	dtrack "github.com/DependencyTrack/client-go"
 	"github.com/alecthomas/kingpin/v2"
@@ -34,6 +35,7 @@ func init() {
 
 func main() {
 	var (
+		profilingConfig                 = kingpin.Flag("web.pprof-listen-address", "Address to listen on for pprof").Default(":9917").String()
 		webConfig                       = kingpin.Flag("web.listen-address", "Address to listen on for web interface and telemetry").Default(":9916").String()
 		metricsPath                     = kingpin.Flag("web.metrics-path", "Path under which to expose metrics").Default("/metrics").String()
 		dtAddress                       = kingpin.Flag("dtrack.address", fmt.Sprintf("Dependency-Track server address (can also be set with $%s)", envAddress)).Default("http://localhost:8080").Envar(envAddress).String()
@@ -81,16 +83,14 @@ func main() {
 			w.WriteHeader(http.StatusOK)
 		})))
 
-	mux.Handle("/debug/pprof/profile", otelhttp.WithRouteTag("/debug/pprof/profile", pprof.Handler("profile")))
-	mux.Handle("/debug/pprof/block", otelhttp.WithRouteTag("/debug/pprof/block", pprof.Handler("block")))
-	mux.Handle("/debug/pprof/allocs", otelhttp.WithRouteTag("/debug/pprof/allocs", pprof.Handler("allocs")))
-	mux.Handle("/debug/pprof/goroutine", otelhttp.WithRouteTag("/debug/pprof/goroutine", pprof.Handler("goroutine")))
-	mux.Handle("/debug/pprof/mutex", otelhttp.WithRouteTag("/debug/pprof/mutex", pprof.Handler("mutex")))
-
 	srvc := make(chan struct{})
 	term := make(chan os.Signal, 1)
 	signal.Notify(term, os.Interrupt, syscall.SIGTERM)
 
+	go func() {
+		log.Fatal(http.ListenAndServe(*profilingConfig, http.DefaultServeMux))
+	}()
+
 	go func() {
 		err := http.ListenAndServe(*webConfig,
 			otelhttp.NewHandler(

From cbcbfa3d19ca54d36232ce8b15fad83a14b127d5 Mon Sep 17 00:00:00 2001
From: David Walker <dwalker@sabiogroup.com>
Date: Sun, 1 Sep 2024 21:54:29 +0100
Subject: [PATCH 7/8] feat: only return latest project

---
 internal/exporter/exporter.go      | 341 ++++++-----------------------
 internal/exporter/exporter_test.go | 118 ----------
 main.go                            |  33 ++-
 3 files changed, 86 insertions(+), 406 deletions(-)
 delete mode 100644 internal/exporter/exporter_test.go

diff --git a/internal/exporter/exporter.go b/internal/exporter/exporter.go
index 944b7d6..355f64c 100644
--- a/internal/exporter/exporter.go
+++ b/internal/exporter/exporter.go
@@ -2,305 +2,106 @@ package exporter
 
 import (
 	"context"
-	"fmt"
 	"log/slog"
-	"net/http"
-	"strconv"
 
 	dtrack "github.com/DependencyTrack/client-go"
 	"github.com/prometheus/client_golang/prometheus"
-	"github.com/prometheus/client_golang/prometheus/promhttp"
 )
 
-const (
-	// Namespace is the metrics namespace of the exporter
-	Namespace string = "dependency_track"
-)
-
-// Exporter exports metrics from a Dependency-Track server
 type Exporter struct {
-	Client                  *dtrack.Client
-	Logger                  *slog.Logger
-	ReducePolicyCardinality bool
+	client             *dtrack.Client
+	logger             *slog.Logger
+	vulnerabilities    *prometheus.Desc
+	policyViolations   *prometheus.Desc
+	lastBOMImport      *prometheus.Desc
+	inheritedRiskScore *prometheus.Desc
 }
 
-// HandlerFunc handles requests to /metrics
-func (e *Exporter) HandlerFunc() http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		registry := prometheus.NewRegistry()
-
-		if err := e.collectPortfolioMetrics(r.Context(), registry); err != nil {
-			e.Logger.Error("collect portfolio metrics", slog.String("error", err.Error()))
-			http.Error(w, fmt.Sprintf("error: %s", err), http.StatusInternalServerError)
-			return
-		}
-
-		if err := e.collectProjectMetrics(r.Context(), registry); err != nil {
-			e.Logger.Error("collect project metrics", slog.String("error", err.Error()))
-			http.Error(w, fmt.Sprintf("error: %s", err), http.StatusInternalServerError)
-			return
-		}
-
-		// Serve
-		h := promhttp.HandlerFor(registry, promhttp.HandlerOpts{})
-		h.ServeHTTP(w, r)
+func New(cl *dtrack.Client, l *slog.Logger) *Exporter {
+	return &Exporter{
+		client: cl,
+		logger: l,
+		vulnerabilities: prometheus.NewDesc(
+			"dependency_track_project_vulnerability",
+			"Number of vulnerabilities for a project by severity",
+			[]string{"name", "uuid", "version", "severity"},
+			nil,
+		),
+		policyViolations: prometheus.NewDesc(
+			"dependency_track_project_policy_violation",
+			"Policy violations for a project",
+			[]string{"name", "uuid", "version", "state"},
+			nil,
+		),
+		lastBOMImport: prometheus.NewDesc(
+			"dependency_track_project_last_bom_import",
+			"Last BOM import date, represented as a Unix timestamp",
+			[]string{"name", "uuid", "version"},
+			nil,
+		),
+		inheritedRiskScore: prometheus.NewDesc(
+			"dependency_track_project_inherited_risk_score",
+			"Inherited risk score for a project",
+			[]string{"name", "uuid", "version"},
+			nil,
+		),
 	}
 }
 
-func (e *Exporter) collectPortfolioMetrics(ctx context.Context, registry *prometheus.Registry) error {
-	var (
-		inheritedRiskScore = prometheus.NewGauge(
-			prometheus.GaugeOpts{
-				Name: prometheus.BuildFQName(Namespace, "portfolio", "inherited_risk_score"),
-				Help: "The inherited risk score of the whole portfolio.",
-			},
-		)
-		vulnerabilities = prometheus.NewGaugeVec(
-			prometheus.GaugeOpts{
-				Name: prometheus.BuildFQName(Namespace, "portfolio", "vulnerabilities"),
-				Help: "Number of vulnerabilities across the whole portfolio, by severity.",
-			},
-			[]string{
-				"severity",
-			},
-		)
-		findings = prometheus.NewGaugeVec(
-			prometheus.GaugeOpts{
-				Name: prometheus.BuildFQName(Namespace, "portfolio", "findings"),
-				Help: "Number of findings across the whole portfolio, audited and unaudited.",
-			},
-			[]string{
-				"audited",
-			},
-		)
-	)
-	registry.MustRegister(
-		inheritedRiskScore,
-		vulnerabilities,
-		findings,
-	)
-
-	portfolioMetrics, err := e.Client.Metrics.LatestPortfolioMetrics(ctx)
+func (e *Exporter) Collect(ch chan<- prometheus.Metric) {
+	ctx := context.Background()
+	projects, err := e.fetchProjects(ctx)
 	if err != nil {
-		return err
+		e.logger.WarnContext(ctx, err.Error())
 	}
 
-	inheritedRiskScore.Set(portfolioMetrics.InheritedRiskScore)
+	for _, p := range e.filterProjects(projects) {
+		ch <- prometheus.MustNewConstMetric(e.vulnerabilities, prometheus.GaugeValue, float64(p.Metrics.Critical), p.Name, p.UUID.String(), p.Version, "critical")
+		ch <- prometheus.MustNewConstMetric(e.vulnerabilities, prometheus.GaugeValue, float64(p.Metrics.High), p.Name, p.UUID.String(), p.Version, "high")
+		ch <- prometheus.MustNewConstMetric(e.vulnerabilities, prometheus.GaugeValue, float64(p.Metrics.Medium), p.Name, p.UUID.String(), p.Version, "medium")
+		ch <- prometheus.MustNewConstMetric(e.vulnerabilities, prometheus.GaugeValue, float64(p.Metrics.Critical), p.Name, p.UUID.String(), p.Version, "low")
+		ch <- prometheus.MustNewConstMetric(e.vulnerabilities, prometheus.GaugeValue, float64(p.Metrics.Unassigned), p.Name, p.UUID.String(), p.Version, "unassigned")
 
-	severities := map[string]int{
-		"CRITICAL":   portfolioMetrics.Critical,
-		"HIGH":       portfolioMetrics.High,
-		"MEDIUM":     portfolioMetrics.Medium,
-		"LOW":        portfolioMetrics.Low,
-		"UNASSIGNED": portfolioMetrics.Unassigned,
-	}
-	for severity, v := range severities {
-		vulnerabilities.With(prometheus.Labels{
-			"severity": severity,
-		}).Set(float64(v))
-	}
+		ch <- prometheus.MustNewConstMetric(e.policyViolations, prometheus.GaugeValue, float64(p.Metrics.PolicyViolationsFail), p.Name, p.UUID.String(), p.Version, "fail")
+		ch <- prometheus.MustNewConstMetric(e.policyViolations, prometheus.GaugeValue, float64(p.Metrics.PolicyViolationsWarn), p.Name, p.UUID.String(), p.Version, "warn")
+		ch <- prometheus.MustNewConstMetric(e.policyViolations, prometheus.GaugeValue, float64(p.Metrics.PolicyViolationsInfo), p.Name, p.UUID.String(), p.Version, "info")
+		ch <- prometheus.MustNewConstMetric(e.policyViolations, prometheus.GaugeValue, float64(p.Metrics.PolicyViolationsUnaudited), p.Name, p.UUID.String(), p.Version, "unaudited")
 
-	findingsAudited := map[string]int{
-		"true":  portfolioMetrics.FindingsAudited,
-		"false": portfolioMetrics.FindingsUnaudited,
-	}
-	for audited, v := range findingsAudited {
-		findings.With(prometheus.Labels{
-			"audited": audited,
-		}).Set(float64(v))
+		ch <- prometheus.MustNewConstMetric(e.lastBOMImport, prometheus.GaugeValue, float64(p.LastBOMImport), p.Name, p.UUID.String(), p.Version)
+		ch <- prometheus.MustNewConstMetric(e.inheritedRiskScore, prometheus.GaugeValue, p.Metrics.InheritedRiskScore, p.Name, p.UUID.String(), p.Version)
 	}
-
-	return nil
 }
 
-func (e *Exporter) collectProjectMetrics(ctx context.Context, registry *prometheus.Registry) error {
-	var (
-		info = prometheus.NewGaugeVec(
-			prometheus.GaugeOpts{
-				Name: prometheus.BuildFQName(Namespace, "project", "info"),
-				Help: "Project information.",
-			},
-			[]string{
-				"uuid",
-				"name",
-				"version",
-				"classifier",
-				"active",
-				"tags",
-			},
-		)
-		vulnerabilities = prometheus.NewGaugeVec(
-			prometheus.GaugeOpts{
-				Name: prometheus.BuildFQName(Namespace, "project", "vulnerabilities"),
-				Help: "Number of vulnerabilities for a project by severity.",
-			},
-			[]string{
-				"uuid",
-				"name",
-				"version",
-				"severity",
-			},
-		)
-		policyViolations = prometheus.NewGaugeVec(
-			prometheus.GaugeOpts{
-				Name: prometheus.BuildFQName(Namespace, "project", "policy_violations"),
-				Help: "Policy violations for a project.",
-			},
-			[]string{
-				"uuid",
-				"name",
-				"version",
-				"type",
-				"state",
-				"analysis",
-				"suppressed",
-			},
-		)
-		lastBOMImport = prometheus.NewGaugeVec(
-			prometheus.GaugeOpts{
-				Name: prometheus.BuildFQName(Namespace, "project", "last_bom_import"),
-				Help: "Last BOM import date, represented as a Unix timestamp.",
-			},
-			[]string{
-				"uuid",
-				"name",
-				"version",
-			},
-		)
-		inheritedRiskScore = prometheus.NewGaugeVec(
-			prometheus.GaugeOpts{
-				Name: prometheus.BuildFQName(Namespace, "project", "inherited_risk_score"),
-				Help: "Inherited risk score for a project.",
-			},
-			[]string{
-				"uuid",
-				"name",
-				"version",
-			},
-		)
-	)
-	registry.MustRegister(
-		info,
-		vulnerabilities,
-		policyViolations,
-		lastBOMImport,
-		inheritedRiskScore,
-	)
+func (e *Exporter) Describe(ch chan<- *prometheus.Desc) {
+	prometheus.DescribeByCollect(e, ch)
+}
 
-	projects, err := e.fetchProjects(ctx)
-	if err != nil {
-		return err
-	}
+func (e *Exporter) fetchProjects(ctx context.Context) ([]dtrack.Project, error) {
+	return dtrack.FetchAll(func(po dtrack.PageOptions) (dtrack.Page[dtrack.Project], error) {
+		return e.client.Project.GetAll(ctx, po)
+	})
+}
 
-	for _, project := range projects {
-		projTags := ","
-		for _, t := range project.Tags {
-			projTags = projTags + t.Name + ","
-		}
-		info.With(prometheus.Labels{
-			"uuid":       project.UUID.String(),
-			"name":       project.Name,
-			"version":    project.Version,
-			"classifier": project.Classifier,
-			"active":     strconv.FormatBool(project.Active),
-			"tags":       projTags,
-		}).Set(1)
+func (e *Exporter) filterProjects(projects []dtrack.Project) []dtrack.Project {
+	m := make(map[string]dtrack.Project, len(projects))
 
-		severities := map[string]int{
-			"CRITICAL":   project.Metrics.Critical,
-			"HIGH":       project.Metrics.High,
-			"MEDIUM":     project.Metrics.Medium,
-			"LOW":        project.Metrics.Low,
-			"UNASSIGNED": project.Metrics.Unassigned,
-		}
-		for severity, v := range severities {
-			vulnerabilities.With(prometheus.Labels{
-				"uuid":     project.UUID.String(),
-				"name":     project.Name,
-				"version":  project.Version,
-				"severity": severity,
-			}).Set(float64(v))
+	for _, p := range projects {
+		val, ok := m[p.Name]
+		if !ok {
+			m[p.Name] = p
 		}
-		lastBOMImport.With(prometheus.Labels{
-			"uuid":    project.UUID.String(),
-			"name":    project.Name,
-			"version": project.Version,
-		}).Set(float64(project.LastBOMImport))
 
-		inheritedRiskScore.With(prometheus.Labels{
-			"uuid":    project.UUID.String(),
-			"name":    project.Name,
-			"version": project.Version,
-		}).Set(project.Metrics.InheritedRiskScore)
-
-		// Initialize all the possible violation series with a 0 value so that it
-		// properly records increments from 0 -> 1
-		if !e.ReducePolicyCardinality {
-			for _, possibleType := range []string{"LICENSE", "OPERATIONAL", "SECURITY"} {
-				for _, possibleState := range []string{"INFO", "WARN", "FAIL"} {
-					for _, possibleAnalysis := range []dtrack.ViolationAnalysisState{
-						dtrack.ViolationAnalysisStateApproved,
-						dtrack.ViolationAnalysisStateRejected,
-						dtrack.ViolationAnalysisStateNotSet,
-						// If there isn't any analysis for a policy
-						// violation then the value in the UI is
-						// actually empty. So let's represent that in
-						// these metrics as a possible analysis state.
-						"",
-					} {
-						for _, possibleSuppressed := range []string{"true", "false"} {
-							policyViolations.With(prometheus.Labels{
-								"uuid":       project.UUID.String(),
-								"name":       project.Name,
-								"version":    project.Version,
-								"type":       possibleType,
-								"state":      possibleState,
-								"analysis":   string(possibleAnalysis),
-								"suppressed": possibleSuppressed,
-							})
-						}
-					}
-				}
-			}
+		if val.Metrics.FirstOccurrence < p.Metrics.FirstOccurrence {
+			m[p.Name] = p
 		}
 	}
 
-	violations, err := e.fetchPolicyViolations(ctx)
-	if err != nil {
-		return err
-	}
+	filtered := make([]dtrack.Project, 0, len(projects))
 
-	for _, violation := range violations {
-		var (
-			analysisState string
-			suppressed    string = "false"
-		)
-		if analysis := violation.Analysis; analysis != nil {
-			analysisState = string(analysis.State)
-			suppressed = strconv.FormatBool(analysis.Suppressed)
-		}
-		policyViolations.With(prometheus.Labels{
-			"uuid":       violation.Project.UUID.String(),
-			"name":       violation.Project.Name,
-			"version":    violation.Project.Version,
-			"type":       violation.Type,
-			"state":      string(violation.PolicyCondition.Policy.ViolationState),
-			"analysis":   analysisState,
-			"suppressed": suppressed,
-		}).Inc()
+	for _, p := range m {
+		e.logger.Info("filtering", "project", p)
+		filtered = append(filtered, p)
 	}
 
-	return nil
-}
-
-func (e *Exporter) fetchProjects(ctx context.Context) ([]dtrack.Project, error) {
-	return dtrack.FetchAll(func(po dtrack.PageOptions) (dtrack.Page[dtrack.Project], error) {
-		return e.Client.Project.GetAll(ctx, po)
-	})
-}
-
-func (e *Exporter) fetchPolicyViolations(ctx context.Context) ([]dtrack.PolicyViolation, error) {
-	return dtrack.FetchAll(func(po dtrack.PageOptions) (dtrack.Page[dtrack.PolicyViolation], error) {
-		return e.Client.PolicyViolation.GetAll(ctx, true, po)
-	})
+	return filtered
 }
diff --git a/internal/exporter/exporter_test.go b/internal/exporter/exporter_test.go
deleted file mode 100644
index 6d1e672..0000000
--- a/internal/exporter/exporter_test.go
+++ /dev/null
@@ -1,118 +0,0 @@
-package exporter
-
-import (
-	"context"
-	"encoding/json"
-	"net/http"
-	"net/http/httptest"
-	"strconv"
-	"testing"
-
-	dtrack "github.com/DependencyTrack/client-go"
-	"github.com/google/go-cmp/cmp"
-	"github.com/google/uuid"
-)
-
-func TestFetchProjects_Pagination(t *testing.T) {
-	mux := http.NewServeMux()
-	server := httptest.NewServer(mux)
-
-	var wantProjects []dtrack.Project
-	for i := 0; i < 468; i++ {
-		wantProjects = append(wantProjects, dtrack.Project{
-			UUID: uuid.New(),
-		})
-	}
-
-	mux.HandleFunc("/api/v1/project", func(w http.ResponseWriter, r *http.Request) {
-		pageSize, err := strconv.Atoi(r.URL.Query().Get("pageSize"))
-		if err != nil {
-			t.Fatalf("unexpected error converting pageSize to int: %s", err)
-		}
-		pageNumber, err := strconv.Atoi(r.URL.Query().Get("pageNumber"))
-		if err != nil {
-			t.Fatalf("unexpected error converting pageNumber to int: %s", err)
-		}
-		w.Header().Set("X-Total-Count", strconv.Itoa(len(wantProjects)))
-		w.Header().Set("Content-type", "application/json")
-		var projects []dtrack.Project
-		for i := 0; i < pageSize; i++ {
-			idx := (pageSize * (pageNumber - 1)) + i
-			if idx >= len(wantProjects) {
-				break
-			}
-			projects = append(projects, wantProjects[idx])
-		}
-		json.NewEncoder(w).Encode(projects)
-	})
-
-	client, err := dtrack.NewClient(server.URL)
-	if err != nil {
-		t.Fatalf("unexpected error setting up client: %s", err)
-	}
-
-	e := &Exporter{
-		Client: client,
-	}
-
-	gotProjects, err := e.fetchProjects(context.Background())
-	if err != nil {
-		t.Fatalf("unexpected error fetching projects: %s", err)
-	}
-
-	if diff := cmp.Diff(wantProjects, gotProjects); diff != "" {
-		t.Errorf("unexpected projects:\n%s", diff)
-	}
-}
-
-func TestFetchPolicyViolations_Pagination(t *testing.T) {
-	mux := http.NewServeMux()
-	server := httptest.NewServer(mux)
-
-	var wantPolicyViolations []dtrack.PolicyViolation
-	for i := 0; i < 468; i++ {
-		wantPolicyViolations = append(wantPolicyViolations, dtrack.PolicyViolation{
-			UUID: uuid.New(),
-		})
-	}
-
-	mux.HandleFunc("/api/v1/violation", func(w http.ResponseWriter, r *http.Request) {
-		pageSize, err := strconv.Atoi(r.URL.Query().Get("pageSize"))
-		if err != nil {
-			t.Fatalf("unexpected error converting pageSize to int: %s", err)
-		}
-		pageNumber, err := strconv.Atoi(r.URL.Query().Get("pageNumber"))
-		if err != nil {
-			t.Fatalf("unexpected error converting pageNumber to int: %s", err)
-		}
-		w.Header().Set("X-Total-Count", strconv.Itoa(len(wantPolicyViolations)))
-		w.Header().Set("Content-type", "application/json")
-		var policyViolations []dtrack.PolicyViolation
-		for i := 0; i < pageSize; i++ {
-			idx := (pageSize * (pageNumber - 1)) + i
-			if idx >= len(wantPolicyViolations) {
-				break
-			}
-			policyViolations = append(policyViolations, wantPolicyViolations[idx])
-		}
-		json.NewEncoder(w).Encode(policyViolations)
-	})
-
-	client, err := dtrack.NewClient(server.URL)
-	if err != nil {
-		t.Fatalf("unexpected error setting up client: %s", err)
-	}
-
-	e := &Exporter{
-		Client: client,
-	}
-
-	gotPolicyViolations, err := e.fetchPolicyViolations(context.Background())
-	if err != nil {
-		t.Fatalf("unexpected error fetching projects: %s", err)
-	}
-
-	if diff := cmp.Diff(wantPolicyViolations, gotPolicyViolations); diff != "" {
-		t.Errorf("unexpected policy violations:\n%s", diff)
-	}
-}
diff --git a/main.go b/main.go
index 653587b..8726011 100644
--- a/main.go
+++ b/main.go
@@ -16,6 +16,7 @@ import (
 	"github.com/dwalker-sabiogroup/dependency-track-exporter/internal/exporter"
 	"github.com/prometheus/client_golang/prometheus"
 	"github.com/prometheus/client_golang/prometheus/collectors"
+	"github.com/prometheus/client_golang/prometheus/promhttp"
 	"github.com/prometheus/common/promlog"
 	"github.com/prometheus/common/promlog/flag"
 	"github.com/prometheus/common/version"
@@ -24,9 +25,8 @@ import (
 )
 
 const (
-	envAddress                         string = "DEPENDENCY_TRACK_ADDR"
-	envAPIKey                          string = "DEPENDENCY_TRACK_API_KEY"
-	envExporterReducePolicyCardinality string = "EXPORTER_REDUCE_POLICY_CARDINALITY"
+	envAddress string = "DEPENDENCY_TRACK_ADDR"
+	envAPIKey  string = "DEPENDENCY_TRACK_API_KEY"
 )
 
 func init() {
@@ -35,17 +35,16 @@ func init() {
 
 func main() {
 	var (
-		profilingConfig                 = kingpin.Flag("web.pprof-listen-address", "Address to listen on for pprof").Default(":9917").String()
-		webConfig                       = kingpin.Flag("web.listen-address", "Address to listen on for web interface and telemetry").Default(":9916").String()
-		metricsPath                     = kingpin.Flag("web.metrics-path", "Path under which to expose metrics").Default("/metrics").String()
-		dtAddress                       = kingpin.Flag("dtrack.address", fmt.Sprintf("Dependency-Track server address (can also be set with $%s)", envAddress)).Default("http://localhost:8080").Envar(envAddress).String()
-		dtAPIKey                        = kingpin.Flag("dtrack.api-key", fmt.Sprintf("Dependency-Track API key (can also be set with $%s)", envAPIKey)).Envar(envAPIKey).Required().String()
-		exporterReducePolicyCardinality = kingpin.Flag("exporter.reduce-policy-cardinality", fmt.Sprintf("Initialize all policy_violations metric label values (can also be set with $%s)", envExporterReducePolicyCardinality)).Envar(envExporterReducePolicyCardinality).Default("true").Bool()
-		promlogConfig                   = promlog.Config{}
+		profilingConfig = kingpin.Flag("web.pprof-listen-address", "Address to listen on for pprof").Default(":9917").String()
+		webConfig       = kingpin.Flag("web.listen-address", "Address to listen on for web interface and telemetry").Default(":9916").String()
+		metricsPath     = kingpin.Flag("web.metrics-path", "Path under which to expose metrics").Default("/metrics").String()
+		dtAddress       = kingpin.Flag("dtrack.address", fmt.Sprintf("Dependency-Track server address (can also be set with $%s)", envAddress)).Default("http://localhost:8080").Envar(envAddress).String()
+		dtAPIKey        = kingpin.Flag("dtrack.api-key", fmt.Sprintf("Dependency-Track API key (can also be set with $%s)", envAPIKey)).Envar(envAPIKey).Required().String()
+		promlogConfig   = promlog.Config{}
 	)
 
 	flag.AddFlags(kingpin.CommandLine, &promlogConfig)
-	kingpin.Version(version.Print(exporter.Namespace + "_exporter"))
+	kingpin.Version(version.Print("dependency_track_exporter"))
 	kingpin.HelpFlag.Short('h')
 	kingpin.Parse()
 
@@ -56,7 +55,7 @@ func main() {
 		WithTraceID: true,
 	}
 
-	logger.Info(fmt.Sprintf("Starting %s_exporter %s", exporter.Namespace, version.Info()))
+	logger.Info(fmt.Sprintf("Starting depnendency_track_exporter %s", version.Info()))
 	logger.Info("Build context " + version.BuildContext())
 
 	c, err := dtrack.NewClient(*dtAddress, dtrack.WithAPIKey(*dtAPIKey))
@@ -65,18 +64,16 @@ func main() {
 		os.Exit(1)
 	}
 
-	e := exporter.Exporter{
-		Client:                  c,
-		Logger:                  logger,
-		ReducePolicyCardinality: *exporterReducePolicyCardinality,
-	}
+	e := exporter.New(c, logger)
+
+	prometheus.MustRegister(e)
 
 	mux := http.NewServeMux()
 
 	handler := sloghttp.Recovery(mux)
 	handler = sloghttp.NewWithConfig(logger, config)(handler)
 
-	mux.Handle(*metricsPath, otelhttp.WithRouteTag(*metricsPath, e.HandlerFunc()))
+	mux.Handle(*metricsPath, otelhttp.WithRouteTag(*metricsPath, promhttp.Handler()))
 
 	mux.Handle("/", otelhttp.WithRouteTag("/", http.HandlerFunc(
 		func(w http.ResponseWriter, _ *http.Request) {

From 6eec6cc80aa33d155bfd9898fba0f5ee4544c966 Mon Sep 17 00:00:00 2001
From: David Walker <dwalker@sabiogroup.com>
Date: Sun, 1 Sep 2024 22:10:38 +0100
Subject: [PATCH 8/8] fix: remove debug logging

---
 internal/exporter/exporter.go | 1 -
 1 file changed, 1 deletion(-)

diff --git a/internal/exporter/exporter.go b/internal/exporter/exporter.go
index 355f64c..23198cf 100644
--- a/internal/exporter/exporter.go
+++ b/internal/exporter/exporter.go
@@ -99,7 +99,6 @@ func (e *Exporter) filterProjects(projects []dtrack.Project) []dtrack.Project {
 	filtered := make([]dtrack.Project, 0, len(projects))
 
 	for _, p := range m {
-		e.logger.Info("filtering", "project", p)
 		filtered = append(filtered, p)
 	}