Overview

The vulnerability module gives you access to a number of facts.

Attributes

Attribute Name   Short Description
cve_list         The list of all detected CVEs on the system.
grype_version    Reports the installed version of grype.

cve_list

The list of all detected CVEs on the system.

This is the core of the vulnerability module. Puppet® scans the system at regular intervals for vulnerabilities and reports them in the fact `cve_list`. Each entry is keyed by CVE identifier and records the affected artifact, its version, where it was found, the severity and whether a fix is available (`fix_state`).

Here is part of an extract:

$ puppet facts cve_list
{
  "cve_list": {
    "CVE-2005-2541": {
      "artifact_name": "tar",
      "fix_state": "wont-fix",
      "locations": [
        "/var/lib/rpm/Packages"
      ],
      "severity": "Medium",
      "version": "2:1.30-4.el8"
    },
    "CVE-2008-1145": {
      "artifact_name": "webrick",
      "fix_state": "unknown",
      "locations": [
        "/vagrant/modules/vulnerability/Gemfile.lock"
      ],
      "severity": "Medium",
      "version": "1.7.0"
    },
    ...
    ...
  }
}

The module contains a number of ways to use this fact to:

  • Do something based on a found CVE
  • Do something based on the number of detected CVEs of a specific level
  • Report on the number of found CVEs
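As an added illustration of those three uses, the manifest below reads the structured fact directly and reacts to it with plain `notify` resources. This is example code written for this page, not one of the module's own classes; the severity labels `High` and `Critical`, the threshold of one finding and the CVE identifier it looks up are assumptions taken from the extract above and from grype's severity scale, and you would substitute your own.

```puppet
# Added example: consume the cve_list fact from a manifest.
# Assumes a structured fact shaped like the extract on this page.
$cves = $facts['cve_list']

# 1. Act on one specific CVE. The 'in' operator tests hash keys.
#    CVE-2005-2541 is taken from the extract above; use your own.
if 'CVE-2005-2541' in $cves {
  $entry = $cves['CVE-2005-2541']
  notify { 'cve-2005-2541-present':
    message => "${entry['artifact_name']} ${entry['version']} is affected by CVE-2005-2541 (fix_state: ${entry['fix_state']}, found in ${entry['locations'].join(', ')})",
  }
}

# 2. Act on the number of findings at a given level.
#    'High' and 'Critical' are assumed severity labels; the extract only shows 'Medium'.
$serious = $cves.filter |$id, $data| { $data['severity'] in ['High', 'Critical'] }
if $serious.length >= 1 {
  notify { 'serious-cves':
    message => "${serious.length} High/Critical CVEs detected: ${serious.keys.join(', ')}",
  }
}

# 3. Report the total, split out by fix_state so unfixable findings are visible.
$wont_fix = $cves.filter |$id, $data| { $data['fix_state'] == 'wont-fix' }
notify { 'cve-summary':
  message => "${cves.length} CVEs detected by grype ${facts['grype_version']}, ${wont_fix.length} marked wont-fix",
}
```

`filter` over a hash returns a hash, so `length` and `keys` apply directly; `keys`, `join` and `length` are built-in functions in Puppet 5.5 and later, so no stdlib dependency is needed for this example.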


grype_version

Reports the installed version of grype.

So that Puppet® can install grype and keep it up to date, this module records the currently installed version of grype in this fact.
