Overview

The vulnerability module also provides a command-line utility to access the vulnerabilities detected on the system.

Getting a summary

$ puppet vulnerability list --summary

This command inspects all detected vulnerabilities and prints a summary:

Critical Vulnerabilities:    3 found.
High Vulnerabilities:        90 found.
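
The summary can be consumed by a script, for example to fail a compliance check when the counts exceed a limit. The following is an added example, not part of the module: the function names, the thresholds and the fail-closed handling of unrecognised output are assumptions, and the sample text is the summary shown above.

```shell
#!/bin/sh
# Added example (not part of the module): gate on the summary output.
# Assumes every summary line has the form shown above:
#   "<Severity> Vulnerabilities:   <N> found."

# Print the count for one severity from summary text on stdin (0 if absent).
severity_count() {
  awk -v sev="$1" '
    $1 == sev && $2 == "Vulnerabilities:" && $3 ~ /^[0-9]+$/ { n = $3; hit = 1 }
    END { print (hit ? n : 0) }'
}

# summary_gate MAX_CRITICAL MAX_HIGH < summary
# Returns 0 within limits, 1 over a limit, 2 when no summary line was
# recognised (fail closed: empty output is not treated as "clean").
summary_gate() {
  summary=$(cat)
  if ! printf '%s\n' "$summary" |
      grep -Eq '^[A-Za-z]+ Vulnerabilities:[[:space:]]+[0-9]+ found\.[[:space:]]*$'; then
    echo "no summary lines recognised" >&2
    return 2
  fi
  crit=$(printf '%s\n' "$summary" | severity_count Critical)
  high=$(printf '%s\n' "$summary" | severity_count High)
  echo "critical=$crit high=$high" >&2
  [ "$crit" -le "$1" ] && [ "$high" -le "$2" ] || return 1
  return 0
}

# Constructed sample: the summary text shown above.
SAMPLE='Critical Vulnerabilities:    3 found.
High Vulnerabilities:        90 found.'

# On a managed node, feed the real command instead of the sample:
#   puppet vulnerability list --summary | summary_gate 0 25
```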

Getting details

To see the full details of each vulnerability, use the --details option. To see only the vulnerabilities above a certain level, use the --level option. Here is an example, using the short options -d and -l:

$ puppet vulnerability list -d -l Critical
{"CVE-2021-43527"=>
  {"artifact_name"=>"nss-util",
   "version"=>"3.44.0-9.el8_1",
   "severity"=>"Critical",
   "fix_state"=>"fixed",
   "locations"=>["/var/lib/rpm/Packages"]}}

Allowing CVEs

To allow some CVEs and not report on them, add an allow list, given as a comma-separated list of CVE IDs. Here is an example:

$ puppet vulnerability list -d -l Critical -a CVE-2018-11749,CVE-2021-27023