fix(trivy): deduplicate vulnerability counts to avoid per-container m…

[jnt2007]

Problem

The trivy_image_vulnerabilities metric is emitted once per container instance
that uses a given image, not once per unique image. When the same image (e.g.
bitnami/kubectl:1.35.0) is used by N containers in a namespace, the current
sum(trivy_image_vulnerabilities{...}) multiplies the actual vulnerability count
by N.
Example: 40 unique Medium vulnerabilities in an image used by 8 containers →
dashboard shows 320 instead of 40.

Fix

Wrap each sum() with max by (namespace, image_registry, image_repository, image_tag, severity) to deduplicate across container instances before summing:

-- Before
sum(trivy_image_vulnerabilities{...})
-- After
sum(max by (namespace, image_registry, image_repository, image_tag, severity)
  (trivy_image_vulnerabilities{...}))

The max by selects one representative time series per unique image+severity
combination, discarding the per-pod/container labels (container_name, pod,
resource_name, etc.) that cause the inflation.

Panels affected (9)

• CRITICAL, HIGH, MEDIUM, LOW, UNKNOWN stat panels
• TOTAL stat panel
• Total vulnerabilities by namespaces (timeseries)
• Total vulnerabilities by severity in selected namespace(s) (timeseries)
• Vulnerability count per image and severity in $namespace namespace(s) (table)

Notes

• Dashboard version bumped from 15 → 16
• Follows Conventional Commits style

[jnt2007]

@dotdc hi. Could you please review the PR? Thanks ❤️

[dotdc]

🎉 This PR is included in version 3.0.2 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀