command-line
Overview
The vulnerability module also provides a command-line utility for listing the vulnerabilities detected on the system.
Getting a summary
$ puppet vulnerability list --summary
This command inspects all detected vulnerabilities and prints a summary:
Critical Vulnerabilities: 3 found.
High Vulnerabilities: 90 found.
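The summary format lends itself to a pass/fail check in a cron job or pipeline. The following is an added example, not part of the module: the function names count_for and vuln_gate are hypothetical, and it assumes every summary line has the form "<Severity> Vulnerabilities: <N> found." as in the output above.

```shell
#!/bin/sh
# Added example (not shipped with the vulnerability module).
# Assumption: each summary line reads "<Severity> Vulnerabilities: <N> found."

# count_for SEVERITY
# Reads summary text on stdin and prints the count reported for SEVERITY.
# Prints 0 when no well-formed line for that severity is present.
count_for() {
  awk -v sev="$1" '
    $1 == sev && $2 == "Vulnerabilities:" && $3 ~ /^[0-9]+$/ { n += $3 }
    END { print n + 0 }
  '
}

# vuln_gate "SEV1 SEV2 ..."
# Reads summary text on stdin. Returns 1 if any listed severity has a
# non-zero count, 0 otherwise. Empty input counts as zero findings, so
# check the exit status of the puppet command itself separately.
vuln_gate() {
  summary=$(cat)
  status=0
  for sev in $1; do
    n=$(printf '%s\n' "$summary" | count_for "$sev")
    if [ "$n" -gt 0 ]; then
      echo "FAIL: $n $sev vulnerabilities found" >&2
      status=1
    fi
  done
  return $status
}

# Constructed sample input, copied from the summary format shown above.
SAMPLE_SUMMARY='Critical Vulnerabilities: 3 found.
High Vulnerabilities: 90 found.'
```

After sourcing these functions, a typical call is: puppet vulnerability list --summary | vuln_gate "Critical High"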
Getting details
To see the full details of each vulnerability, use the --details option. To see only the vulnerabilities above a certain level, use the --level option. Here is an example using the short forms -d and -l:
$ puppet vulnerability list -d -l Critical
{"CVE-2021-43527"=>
{"artifact_name"=>"nss-util",
"version"=>"3.44.0-9.el8_1",
"severity"=>"Critical",
"fix_state"=>"fixed",
"locations"=>["/var/lib/rpm/Packages"]}}
Allowing CVEs
To allow specific CVEs and leave them out of the report, pass an allow list with the -a option as a comma-separated list of CVE IDs. Here is an example:
$ puppet vulnerability list -d -l Critical -a CVE-2018-11749,CVE-2021-27023