juice-shop / multi-juicer

Host and manage multiple Juice Shop instances for security trainings and Capture The Flags
Apache License 2.0
270 stars 125 forks

Show instance cheat scores on admin dashboard #252

Open bkimminich opened 3 days ago

bkimminich commented 3 days ago

As an admin it would be nice to have the total cheat score per instance visible on the dashboard. This can be retrieved via the Prometheus endpoint /metrics from the juiceshop_cheat_score{app="juiceshop"} field per instance.

⚠️ This would probably solve the "Exposed Metrics" challenge for all instances if pulled from /metrics! The webhook payload also contains the current total cheat score. Other than the challenge status, the cheat score is not available via API/database but only on demand via the Prometheus endpoint.

J12934 commented 3 days ago

Cool idea :)

It wouldn't need to solve the challenge. We already have an exclusion for requests with a Prometheus user agent. https://github.com/juice-shop/juice-shop/blob/master/routes/metrics.ts#L70
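
An added example, not part of the thread or of MultiJuicer's code: one way a dashboard backend could read `juiceshop_cheat_score{app="juiceshop"}` out of each instance's `/metrics` text and rank the instances. The function names, team names and sample metric text are assumptions constructed for illustration; fetching `/metrics` itself is left out so the block runs offline.

```javascript
// Parse a Prometheus label set such as app="juiceshop",foo="bar" into an object.
function parseLabels(raw) {
  const labels = {};
  const re = /([a-zA-Z_][a-zA-Z0-9_]*)="((?:[^"\\]|\\.)*)"/g;
  let m;
  while ((m = re.exec(raw)) !== null) {
    // Undo the escapes the exposition format allows inside label values.
    labels[m[1]] = m[2].replace(/\\(["\\n])/g, (_, c) => (c === 'n' ? '\n' : c));
  }
  return labels;
}

// Return the cheat score from one instance's metrics text, or null if absent/invalid.
function readCheatScore(text, metric = 'juiceshop_cheat_score', app = 'juiceshop') {
  for (const line of text.split('\n')) {
    const trimmed = line.trim();
    if (trimmed === '' || trimmed.startsWith('#')) continue; // HELP/TYPE/comments
    const m = /^([a-zA-Z_:][a-zA-Z0-9_:]*)(?:\{(.*)\})?\s+(\S+)/.exec(trimmed);
    if (!m || m[1] !== metric) continue; // exact name match, not a prefix match
    if (parseLabels(m[2] || '').app !== app) continue;
    const value = Number(m[3]);
    return Number.isFinite(value) ? value : null; // NaN/Inf are not usable scores
  }
  return null;
}

// Build dashboard rows, highest cheat score first; instances without a score last.
function cheatScoreTable(metricsByTeam) {
  return Object.entries(metricsByTeam)
    .map(([team, text]) => ({ team, cheatScore: readCheatScore(text) }))
    .sort((a, b) => (b.cheatScore ?? -1) - (a.cheatScore ?? -1));
}

// Constructed sample input: made-up teams, values and the "_extra" metric name.
const SAMPLE = {
  alpha: [
    '# TYPE juiceshop_cheat_score gauge',
    'juiceshop_cheat_score_extra{app="juiceshop"} 9',
    'juiceshop_cheat_score{app="juiceshop"} 0.25',
  ].join('\n'),
  bravo: 'juiceshop_cheat_score{app="juiceshop"} 0.8\n',
  charlie: '# instance still starting, no samples yet\n',
};

console.log(cheatScoreTable(SAMPLE));
```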