Created
November 18, 2025 01:29
Vulnerability Scanner - Configuration and Grafana Dashboard
| { | |
| "dashboard": { | |
| "title": "Vulnerability Scanner - Homelab", | |
| "panels": [ | |
| { | |
| "title": "Total Vulnerabilities by Severity", | |
| "type": "graph", | |
| "targets": [ | |
| { | |
| "expr": "vulns_total{severity=\"critical\"}", | |
| "legendFormat": "Critical" | |
| }, | |
| { | |
| "expr": "vulns_total{severity=\"high\"}", | |
| "legendFormat": "High" | |
| }, | |
| { | |
| "expr": "vulns_total{severity=\"medium\"}", | |
| "legendFormat": "Medium" | |
| }, | |
| { | |
| "expr": "vulns_total{severity=\"low\"}", | |
| "legendFormat": "Low" | |
| } | |
| ] | |
| }, | |
| { | |
| "title": "Vulnerabilities by Package", | |
| "type": "table", | |
| "targets": [ | |
| { | |
| "expr": "vulns_by_package", | |
| "format": "table" | |
| } | |
| ] | |
| }, | |
| { | |
| "title": "Scan Duration (seconds)", | |
| "type": "graph", | |
| "targets": [ | |
| { | |
| "expr": "scanner_duration_seconds", | |
| "legendFormat": "Scan Duration" | |
| } | |
| ] | |
| }, | |
| { | |
| "title": "Critical Vulnerabilities Alert", | |
| "type": "singlestat", | |
| "targets": [ | |
| { | |
| "expr": "vulns_total{severity=\"critical\"}" | |
| } | |
| ], | |
| "thresholds": "1,5", | |
| "colors": ["green", "yellow", "red"] | |
| } | |
| ] | |
| } | |
| } |
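---
# Vulnerability Scanner Configuration
#
# This file names every scan target and holds several credentials (NVD API
# key, Slack webhook, SSH key paths). Keep it readable only by the account
# that runs the scanner, and keep the filled-in copy out of version control.

# NVD API settings
nvd:
  # Placeholder. The real key is a credential; prefer supplying it from the
  # environment or a secret store if the scanner supports that.
  api_key: "your_nvd_api_key_here"
  base_url: "https://services.nvd.nist.gov/rest/json/cves/2.0"
  rate_limit: 50  # requests per 30 seconds
  timeout: 10  # seconds

# Homelab hosts to scan
#
# NOTE(review): all four hosts share one private key, and it is the user's
# default identity (id_rsa). A dedicated scan-only key limits what is exposed
# if the scanner host is compromised.
hosts:
  - name: "homelab-server-01"
    ssh_user: "admin"
    ssh_key: "/home/user/.ssh/id_rsa"
  - name: "homelab-server-02"
    ssh_user: "admin"
    ssh_key: "/home/user/.ssh/id_rsa"
  # NOTE(review): the next two entries log in as root. Confirm whether the
  # scanner needs root at all; if it only reads the package inventory, an
  # unprivileged account is enough.
  - name: "docker-host"
    ssh_user: "root"
    ssh_key: "/home/user/.ssh/id_rsa"
  - name: "proxmox-node-01"
    ssh_user: "root"
    ssh_key: "/home/user/.ssh/id_rsa"

# Severity filtering
severity_filter:
  alert_on:
    - CRITICAL
    - HIGH
  monitor_only:
    - MEDIUM
    - LOW

# Special packages (always alert regardless of severity)
critical_packages:
  - openssh-server
  - sudo
  - linux-image
  - docker-ce
  - nginx

# Alert destinations
alerts:
  slack:
    enabled: true
    # Placeholder. An incoming-webhook URL is a bearer secret: anyone who has
    # it can post to the channel. Store and rotate it like a password.
    webhook_url: "https://hooks.slack.com/services/YOUR/WEBHOOK/URL"
    channel: "#security-alerts"
  email:
    enabled: true
    smtp_server: "smtp.gmail.com"
    # 587 is the mail submission port; presumably the scanner negotiates
    # STARTTLS here - confirm. No SMTP credentials appear in this file.
    smtp_port: 587
    # The addresses below were redacted by the hosting page's e-mail
    # protection; replace them with real sender and recipient addresses.
    from: "[email protected]"
    to:
      - "[email protected]"
  prometheus:
    enabled: true
    # Plain HTTP. The pushed metrics show which hosts carry unpatched
    # vulnerabilities, so keep the Pushgateway on a trusted network segment.
    pushgateway: "http://prometheus-pushgateway:9091"
    job_name: "vuln_scanner"

# Scan schedule
schedule:
  enabled: true
  cron: "0 6 * * *"  # Daily at 06:00 UTC

# Cache settings
cache:
  enabled: true
  ttl: 86400  # 24 hours
  backend: "sqlite"
  path: "/var/lib/vuln-scanner/cache.db"

# Reporting
#
# Reports list unpatched packages per host; restrict access to output_dir.
reports:
  daily_summary: true
  detailed_csv: true
  output_dir: "/var/log/vuln-scanner"
  retention_days: 30

# Debian backport detection
backports:
  check_debian_security_tracker: true
  check_ubuntu_usn: true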