Overview

Because scanning all of your files is a very resource-intensive and time-consuming task, you might want to customize this scanning to your needs.

Time between scans

By default, Puppet scans your system once every 24 hours. If you would like to change this time, you can add this to your hieradata:

vulnerability::setup::ttl_hours: 48

This changes the frequency to once every 48 hours. The longer you make this interval, the less up-to-date your list of vulnerabilities is, but the fewer resources and less time scanning takes. See here for more details.

Directories to scan

By default, Puppet will scan all of your files. This is probably a bit too much. You can control the directories that are scanned by adding them to your hieradata like this:

vulnerability::setup::directories:
- /bin
- /usr/bin
- /sbin
- /myapp

See here for more details.

Files and directories to exclude

By default, Puppet will scan all of the files and subdirectories you have specified in the previous step. You might, however, want to exclude specific files and/or directories. You can control this by adding this to your hieradata:

vulnerability::setup::excludes:
- ./software_kits
- ./user_files/**/*.tar

See here for more details.