vulnerability
Overview
The top-level class of the vulnerability module. This class ensures that the correct version of grype is installed and configured and that on the specified interval your systems are scanned for vulnerabilities.
Attributes
| Attribute Name | Short Description |
|---|---|
| guard | When you set this value to true, Puppet® starts to guard the number of vulnerabilities on your system. |
| remediate | When you set this value to true, Puppet® will remediate the specified CVEs. |
| update | Update the vulnerability database on every Puppet® run. |
update
Update the vulnerability database on every Puppet® run.
When you set this value to true, Puppet® will check the vulnerability database on every run and update it when it detects a new version.
Although setting it to true is the best setting security-wise, it can introduce dynamic changes to your Puppet® runs that you may not want. When you want more controlled updates, set this value to false and make sure that the vulnerability::update class is scheduled in some other way.
Even when you set this value to false, Puppet® will do an update on the initial run where grype is installed. This is required to at least have an initial vulnerability database.
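The controlled-update pattern described above, as an added example that is not part of the module's documentation. It assumes the vulnerability class accepts the documented update, guard and remediate parameters, that vulnerability::update can be declared on its own when update is false, and that the schedule name vulndb_weekly is a placeholder of your choosing.

```puppet
# Added example (not from the module docs): refresh the grype vulnerability
# database in a fixed maintenance window instead of on every Puppet run.

# Assumed placeholder name; adjust the window to your own change policy.
schedule { 'vulndb_weekly':
  period => 'weekly',
  range  => '02:00 - 04:00',
  repeat => 1,
}

# Weak setting security-wise would be update => false with no other schedule:
# the database would only be fetched once, on the run that installs grype,
# and scans would age silently. Here the refresh is scheduled explicitly.
class { 'vulnerability':
  update    => false,   # no refresh on every run (initial DB is still fetched on install)
  guard     => true,    # keep guarding the vulnerability count on each run
  remediate => false,   # review remediations before letting Puppet apply them
}

# Metaparameters set on a class declaration propagate to the resources it
# contains, so the refresh only runs inside the weekly window. Assumes
# vulnerability::update is not already declared by the vulnerability class
# when update => false, otherwise this would be a duplicate declaration.
class { 'vulnerability::update':
  schedule => 'vulndb_weekly',
  require  => Class['vulnerability'],
}
```

Verify the schedule with a noop run inside and outside the window: the refresh resources should report as scheduled-out outside it and as applied inside it.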
guard
When you set this value to true, Puppet® starts to guard the number of vulnerabilities on your system. Check the ::vulnerability::guard class for details.
The default value is false, meaning no automatic checks on the vulnerability status.
remediate
When you set this value to true, Puppet® will remediate the specified CVEs. See the remediate class for details.
The default value is true, meaning no automatic checks on the vulnerability status.
