anchore
diff --git a/‎.github/workflows/deploy.yaml‎
Lines changed: 1 addition & 0 deletions b/‎.github/workflows/deploy.yaml‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎.github/workflows/openshift-test.yaml‎
Lines changed: 1 addition & 0 deletions b/‎.github/workflows/openshift-test.yaml‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎.github/workflows/test.yaml‎
Lines changed: 1 addition & 0 deletions b/‎.github/workflows/test.yaml‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎.gitignore‎
Lines changed: 4 additions & 0 deletions b/‎.gitignore‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎ct-config.yaml‎
Lines changed: 1 addition & 0 deletions b/‎ct-config.yaml‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎stable/enterprise/Chart.lock‎
Lines changed: 5 additions & 2 deletions b/‎stable/enterprise/Chart.lock‎
Lines changed: 5 additions & 2 deletions
diff --git a/‎stable/enterprise/Chart.yaml‎
Lines changed: 6 additions & 1 deletion b/‎stable/enterprise/Chart.yaml‎
Lines changed: 6 additions & 1 deletion
diff --git a/‎stable/enterprise/README.md‎
Lines changed: 75 additions & 1 deletion b/‎stable/enterprise/README.md‎
Lines changed: 75 additions & 1 deletion
@@ -36,6 +36,7 @@ jobs:
         run: |
           helm repo add anchore https://charts.anchore.io/stable
           helm repo add bitnami https://charts.bitnami.com/bitnami
+          helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
 
       - name: Run chart-releaser not latest
         if: github.event.pull_request.base.ref != 'main'
 
@@ -122,6 +122,7 @@ jobs:
       run: |
         helm repo add anchore https://charts.anchore.io || echo "anchore repo already added"
         helm repo add bitnami https://charts.bitnami.com/bitnami || echo "bitnami repo already added"
+        helm repo add prometheus-community https://prometheus-community.github.io/helm-charts || echo "prometheus-community repo already added"
         helm repo update
 
         if [[ "${{ matrix.cluster.distribution }}" == "openshift" ]]; then
 
@@ -101,6 +101,7 @@ jobs:
 
         helm repo add anchore https://charts.anchore.io || echo "anchore repo already added"
         helm repo add bitnami https://charts.bitnami.com/bitnami || echo "bitnami repo already added"
+        helm repo add prometheus-community https://prometheus-community.github.io/helm-charts || echo "prometheus-community repo already added"
         helm repo update
         helm install enterprise anchore/enterprise --namespace anchore -f stable/anchore-admission-controller/ci/enterprise-vals.yaml --wait
         kubectl --namespace anchore get pods
 
@@ -6,3 +6,7 @@ charts/
 *.code-workspace
 .DS_Store
 .vscode/
+.env
+.envrc
+*.log
+MyValues*.yaml
@@ -5,6 +5,7 @@ chart-dirs:
 chart-repos:
   - anchore=https://charts.anchore.io/stable
   - bitnami=https://charts.bitnami.com/bitnami
+  - prometheus-community=https://prometheus-community.github.io/helm-charts
 namespace: anchore
 release-label: anchore
 exclude-deprecated: true
@@ -5,5 +5,8 @@ dependencies:
 - name: redis
   repository: oci://registry-1.docker.io/bitnamicharts
   version: 17.11.8
-digest: sha256:0ecd9810e416973f8bc4caa4641764b10ff5224edaecb1a5b66d3b1f82948537
-generated: "2024-08-15T22:30:42.63806-07:00"
+- name: prometheus
+  repository: https://prometheus-community.github.io/helm-charts
+  version: 27.30.0
+digest: sha256:2f9084f626cb172c0f0ce0c78b8597541e46fcfda3fdbec81860d60e2b61e4d3
+generated: "2025-08-11T10:13:49.8922-04:00"
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: enterprise
-version: "3.18.0"
+version: "3.19.0"
 appVersion: "5.23.0"
 kubeVersion: 1.23.x - 1.34.x || 1.23.x-x - 1.34.x-x
 description: |
@@ -38,3 +38,8 @@ dependencies:
     repository: "oci://registry-1.docker.io/bitnamicharts"
     condition: ui-redis.chartEnabled
     alias: ui-redis
+  - name: prometheus
+    version: "~27.30.0"
+    repository: "https://prometheus-community.github.io/helm-charts"
+    condition: prometheus.chartEnabled
+    alias: prometheus
@@ -418,6 +418,52 @@ anchoreConfig:
 
 For those using the [Prometheus operator](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/developer/getting-started.md), a ServiceMonitor can be deployed within the same namespace as your Anchore Enterprise release. Once deployed, the Prometheus operator will automatically begin scraping the pre-configured endpoints for metrics.
 
+#### Prometheus Metrics Internal Scraping (Optional) - *Beta Feature*
+
+**Note:** This feature is currently in **BETA**. More features, functionality, and support for this is planned.
+
+Enabling this feature is optional. It provides a built-in Prometheus instance configured for monitoring Anchore Enterprise. It is setup to be internal only, scrape targets internally, and the intention is to provide service information and metrics for debugging and troubleshooting purposes. There is no ingress created for this Prometheus instance by default. There are also no dashboards or other human-friendly configurations set inside Prometheus since this iteration is intended to support automated tooling only, not direct human use.
+
+**If you are looking to add Prometheus monitoring to your deployment for Operational purposes, it is recommended to use an external Prometheus instance and configure it to scrape the Anchore Enterprise services as shown above in the "Prometheus Metrics" section above.*
+
+This chart uses the community Prometheus chart and sets up a ConfigMap containing a working `prometheus.yml` with a scalable scrape configuration for Anchore Enterprise and common Kubernetes targets automatically.
+
+- Toggle with `prometheus.chartEnabled` (default: `false`).
+- You **MUST** enable the Anchore metrics endpoint as shown above for the Enterprise services to expose metrics.
+
+**Example usage:**
+
+Minimal example to enable metrics and the internal Prometheus:
+
+```yaml
+anchoreConfig:
+  metrics:
+    enabled: true
+    # Note: The current beta Prometheus implementation requires metrics to be unauthenticated.
+    auth_disabled: true
+
+prometheus:
+  chartEnabled: true
+```
+
+**Obtaining more detail by enabling the Node Exporter**
+
+Additionally, adding the optional Node Exporter with this Prometheus deployment can provide additional node-level metrics for your Anchore Enterprise deployment.
+
+Minimal example to enable metrics, the internal Prometheus, and the Node Exporter:
+
+```yaml
+anchoreConfig:
+  metrics:
+    enabled: true
+    # Note: The current beta Prometheus implementation requires metrics to be unauthenticated.
+    auth_disabled: true
+prometheus:
+  chartEnabled: true
+  prometheus-node-exporter:
+    enabled: true
+```
+
 #### Example ServiceMonitor Configuration
 
 The `targetPort` values in this example use the default Anchore Enterprise service ports.
@@ -1205,16 +1251,44 @@ To restore your deployment to using your previous driver configurations:
 | `osaaMigrationJob.objectStoreMigration.object_store`         | The configuration of the object_store for the dest-config.yaml                                                   | `{}`                         |
 | `extraManifests`                                             | List of additional manifests to be included in the chart                                                         | `[]`                         |
 
+### Optional Prometheus Monitoring for Anchore Enterprise
+
+| Name                                                     | Description                                                                           | Value                                  |
+| -------------------------------------------------------- | ------------------------------------------------------------------------------------- | -------------------------------------- |
+| `prometheus.chartEnabled`                                | Enable Prometheus monitoring for Anchore Enterprise                                   | `false`                                |
+| `prometheus.alertmanager.enabled`                        | Enable Alertmanager for alert management                                              | `false`                                |
+| `prometheus.server.retention`                            | Data retention period for Prometheus                                                  | `14d`                                  |
+| `prometheus.server.retentionSize`                        | Maximum storage size for Prometheus data                                              | `12GB`                                 |
+| `prometheus.server.service.type`                         | Kubernetes service type for Prometheus                                                | `ClusterIP`                            |
+| `prometheus.server.persistentVolume.enabled`             | Enable persistent storage for Prometheus                                              | `true`                                 |
+| `prometheus.server.persistentVolume.size`                | Storage size for Prometheus persistent volume                                         | `40Gi`                                 |
+| `prometheus.prometheus-node-exporter.enabled`            | Enable node-exporter for node metrics                                                 | `false`                                |
+| `prometheus.kube-state-metrics.enabled`                  | Enable kube-state-metrics for cluster metrics                                         | `true`                                 |
+| `prometheus.prometheus-pushgateway.enabled`              | Enable pushgateway for custom metrics                                                 | `false`                                |
+| `prometheus.server.name`                                 | Name override for Prometheus server resources                                         | `internal-anchore-prometheus-server`   |
+| `prometheus.server.configMapOverrideName`                | Name of an existing ConfigMap to override the default Prometheus server configuration | `anchore-enterprise-prometheus-config` |
+| `prometheus.server.extraFlags`                           | Additional Prometheus server flags (list).                                            | `["web.enable-admin-api"]`             |
+| `prometheus.prometheus-node-exporter.nameOverride`       | Base name for node-exporter resources (will be prefixed by release name)              | `enterprise-prometheus-node-exporter`  |
+| `prometheus.prometheus-node-exporter.port`               | Container port where node-exporter exposes metrics                                    | `9120`                                 |
+| `prometheus.prometheus-node-exporter.service.name`       | Service name for node-exporter                                                        | `enterprise-prometheus-node-exporter`  |
+| `prometheus.prometheus-node-exporter.service.port`       | Service port for node-exporter                                                        | `9120`                                 |
+| `prometheus.prometheus-node-exporter.service.targetPort` | Target port on the node-exporter pod the Service forwards to                          | `9120`                                 |
+
 ## Release Notes
 
 For the latest updates and features in Anchore Enterprise, see the official [Release Notes](https://docs.anchore.com/current/docs/releasenotes/).
 
+
 - **Major Chart Version Change (e.g., v0.1.2 -> v1.0.0)**: Signifies an incompatible breaking change that necessitates manual intervention, such as updates to your values file or data migrations.
 - **Minor Chart Version Change (e.g., v0.1.2 -> v0.2.0)**: Indicates a significant change to the deployment that does not require manual intervention.
 - **Patch Chart Version Change (e.g., v0.1.2 -> v0.1.3)**: Indicates a backwards-compatible bug fix or documentation update.
 
+### v3.19.x
+  #### V3.19.0
+  - Adds an optional Prometheus monitoring setup to Anchore Enterprise for future internal monitoring and support
+
 ### V3.18.x
-  #### V3.17.0
+  #### V3.18.0
   - Adds support for specifying custom init containers in deployments and jobs
 
 ### V3.17.x