Puppet starts scanning Forge modules and launches a new compliance tool • DEVCLASS


IT automation tool provider Puppet announced this week that it has added several features to its tool ecosystem, giving its users a better chance of maintaining security and compliance.

The most important enhancement is undoubtedly the malware scanning component of Puppet Forge, the Puppet module catalog. The new feature checks files and their contents for malicious code and flags uploads that may be unsafe. To get a comprehensive report, it uses the VirusTotal upload API, which is said to aggregate the results from more than 70 antivirus scanners and URL block lists.

According to Puppet, the company does not intend to retrospectively scan all existing modules because it wants to avoid zero-day vulnerabilities. Instead, it plans to analyze all new versions of supported modules first, and then gradually extend the analysis to the modules supported and approved by partners. The plan is to be able to check all new versions as they are released before the end of the year.

With the implementation of the scanner, the Puppet team is now also able to handle other security-related functions, such as the ability to obtain long-term requirements for module quality scores before releasing the module to the roadmap. Other plans include revising the quality score itself.

There are also some interesting new additions to the Forge, namely the Compliance Enforcement Modules (CEM) for Windows and Linux nodes. These premium modules are part of a broader compliance program and, by default, enforce CIS compliance rules for level 1 server profiles on nodes managed by Puppet Enterprise. If this is not strict enough, the modules should be configurable, and the company has promised to add support for other compliance frameworks at a later stage.

Given the recent rise in interest in low-code or no-code services, it is also interesting to see Puppet put in some work to make its enterprise products work well with ServiceNow. The result is the second integration beyond the Puppet Spoke announced earlier this year.

While Spoke is intended as a self-service way of setting up Puppet workflows, the Service Graph Connector can be used to aggregate data from Puppet Enterprise into ServiceNow's configuration management database. The connector is now available in the ServiceNow store and was introduced as an option to increase visibility into configuration components in order to catch misconfigurations faster and provide the data needed to make informed decisions.
