Puppet Class: vulnerability::install

Defined in:
manifests/install.pp

Summary

This class ensures the installation of `grype` in a correct way so that Puppet can start guarding the vulnerabilities on this system.

Overview

vulnerability::install

See the file “LICENSE” for the full license governing this code.

Parameters:

  • version (String[1])

    The version of ‘grype` to install.

  • base_url (String[1])

    The base part of the URL where to download grype from. The default is: ‘github.com/anchore/grype/releases/download`, meaning we download directly from the original github source.



17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
 
# File 'manifests/install.pp', line 17

class vulnerability::install (
  String[1] $base_url,
  String[1] $version
) {
  case $facts['kernel'] {
    'Linux': {
      class { 'vulnerability::install::linux':
        version  => $version,
        base_url => $base_url,
      }
      contain vulnerability::install::linux
    }
    'windows': {
      class { 'vulnerability::install::windows':
        version  => $version,
        base_url => $base_url,
      }
      contain vulnerability::install::windows
    }
    default: {
      fail "vulnerability scanning not (yet) supported on ${facts['kernel']}"
    }
  }
}