guarding
Overview
OK, so now you have all the information about the vulnerabilities found on your system. But how are you going to use it?
Failing when a vulnerability is found
The ::vulnerability::guard class allows you to specify the number of vulnerabilities you allow on your system. When more vulnerabilities are found, Puppet will throw an error. You will need to monitor the status of the Puppet runs on your puppetserver and take appropriate action when Puppet fails because of a detected vulnerability.
Executing Puppet code when a vulnerability is found
The module contains some functions you can use in your Puppet code to determine whether a certain CVE is detected and, when it is, execute some remediation Puppet code for it.
Using the command line
The Vulnerability module contains a command-line utility. Using the utility, you can select the list of detected vulnerabilities and, if you wish, report the information to monitoring utilities.