golang / go

The Go programming language
https://go.dev

x/telemetry/config: add govulncheck counters #67678

Closed zpavlinovic closed 2 months ago

zpavlinovic commented 2 months ago

Proposal Details

Counter Names

govulncheck/level:{symbol, package, module}
govulncheck/mode:{source, binary, extract, query, convert}
govulncheck/format:{text, json, sarif, openvex}
govulncheck/show:{none, traces, color, verbose, version}
govulncheck/assumptions:{multi-patterns, no-binary-platform, no-relative-path, no-go-root, local-replace, unknown-pkg-mod-path}
govulncheck/vulns: {reviewed,unreviewed}

Description

See proposed config change.

Rationale

The proposed counters will allow us to better understand how people are using and interacting with govulncheck, which should help us with work prioritization and improvement of services. For instance, govulncheck/show:traces will tell us how often users are inspecting call stacks in detail. This in turn can help us plan for better call stack heuristics down the road.

Do the counters carry sensitive user information?

No.

Version

Starting with govulncheck v1.1.1.

Proposed Graph Config

counter: govulncheck/scan:{symbol,package,module}
title: Scan Level Distribution
description: measure govulncheck scan level distribution
type: partition
program: golang.org/x/vuln/cmd/govulncheck
version: [1.1.1-]

counter: govulncheck/mode:{source,binary,extract,query,convert}
title: Scan Mode Distribution
description: measure govulncheck scan mode distribution
type: partition
program: golang.org/x/vuln/cmd/govulncheck
version: [1.1.1-]

counter: govulncheck/format:{text,json,sarif,openvex}
title: Output Format Distribution
description: measure govulncheck output format distribution
type: partition
program: golang.org/x/vuln/cmd/govulncheck
version: [1.1.1-]

counter: govulncheck/show:{none,traces,color,verbose,version}
title: Show Options Distribution
description: measure govulncheck show flag distribution
type: partition
program: golang.org/x/vuln/cmd/govulncheck
version: [1.1.1-]

counter: govulncheck/assumptions:{multi-patterns,no-binary-platform,no-relative-path,no-go-root,local-replace,unknown-pkg-mod-path}
title: Code Invariants Distribution
description: measure distribution of failed govulncheck internal assumptions
type: partition
program: golang.org/x/vuln/cmd/govulncheck
version: [1.1.1-]
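
The counter lines in the graph config above use a `prefix:{bucket,...}` shorthand. The following added example (not code from this issue or from x/telemetry) expands that shorthand into the concrete counter names, so a reviewer can see that the declared set is closed and that a free-form name is not in it. The function name `AllowedCounters` and the sample strings are this example's own.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample: lines in the format of the proposal's graph config.
const sampleConfig = `counter: govulncheck/mode:{source,binary,extract,query,convert}
title: Scan Mode Distribution
counter: govulncheck/format:{text,json,sarif,openvex}`

// AllowedCounters expands every "counter: prefix:{a,b}" line into the
// concrete names "prefix:a", "prefix:b" and returns them as a set.
func AllowedCounters(config string) (map[string]bool, error) {
	allowed := map[string]bool{}
	for _, line := range strings.Split(config, "\n") {
		spec, ok := strings.CutPrefix(strings.TrimSpace(line), "counter:")
		if !ok {
			continue // title, description, type, program or version line
		}
		prefix, set, braced := strings.Cut(strings.TrimSpace(spec), "{")
		if !braced {
			allowed[prefix] = true // plain counter without a bucket set
			continue
		}
		set, closed := strings.CutSuffix(set, "}")
		if !closed {
			return nil, fmt.Errorf("unterminated bucket set in %q", spec)
		}
		for _, bucket := range strings.Split(set, ",") {
			if bucket = strings.TrimSpace(bucket); bucket == "" {
				return nil, fmt.Errorf("empty bucket in %q", spec)
			}
			allowed[prefix+bucket] = true
		}
	}
	return allowed, nil
}

func main() {
	allowed, err := AllowedCounters(sampleConfig)
	if err != nil {
		panic(err)
	}
	// Constructed inputs: one declared name, one free-form name.
	fmt.Println(allowed["govulncheck/format:sarif"], allowed["govulncheck/mode:/tmp/app"])
}
```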

findleyr commented 2 months ago

Looks good to us. Can you please send a CL implementing the new config? Thanks.

gopherbot commented 2 months ago

Change https://go.dev/cl/588736 mentions this issue: internal/chartconfig: add govulncheck counters