Export fields `Target` and `Class` as labels

Hello,
in vulnerability reports created by trivy-operator there are [optional report fields](https://aquasecurity.github.io/trivy-operator/v0.11.1/docs/vulnerability-scanning/trivy/#:~:text=additionalVulnerabilityReportFields), like `Target` or `Class`:

```text
  - class: lang-pkgs
    fixedVersion: "1.32"
    installedVersion: "1.25"
    links: []
    primaryLink: https://avd.aquasec.com/nvd/cve-2022-38752
    resource: org.yaml:snakeyaml
    score: 6.5
    severity: MEDIUM
    target: Java
    title: 'snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode'
    vulnerabilityID: CVE-2022-38752
```

It would be really cool to see a summary in Grafana dashboards what % of vulnerabilities come from OS vs application. It seems like adding these fields to exporter would be as simple as adding two more variables [here](https://github.com/giantswarm/starboard-exporter/blob/main/controllers/vulnerabilityreport/vulnerabilityreport_controller.go#L279) and [here](https://github.com/giantswarm/starboard-exporter/blob/main/controllers/vulnerabilityreport/vulnerabilityreport_metrics.go#L25), since these types are defined in [Vulnerability struct](https://github.com/aquasecurity/trivy-operator/blob/823bcc3a9a9a16340ac5d138561f1db16dac2c2c/pkg/apis/aquasecurity/v1alpha1/vulnerability_types.go#L64) (although, my golang knowledge is very, very limited).

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Export fields `Target` and `Class` as labels #201

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Export fields Target and Class as labels #201

Description

Activity