guarding
Overview
OK, so now you have all the information about the vulnerabilities found on your system. But how are you going to use it?
Failing when a vulnerability is found
The ::vulnerability::guard class allows you to specify the number of vulnerabilities you allow on your system. When more vulnerabilities are found, Puppet® will throw an error. You will need to monitor the status of the Puppet® runs on your puppetserver and take appropriate action when Puppet® fails because of a detected vulnerability.
Executing Puppet® code when a vulnerability is found
The module contains some functions you can use in your Puppet® code to determine whether a certain CVE is detected and, when it is, execute remediation Puppet® code for it.
Using the command line
The Vulnerability module contains a command-line utility. Using the utility, you can select the list of detected vulnerabilities and optionally report information to monitoring utilities.
