Steampunk Spotter

Using Spotter's Scan Profiles

August 29, 2023 - Words by The Spotter team - 2 min read

Steampunk Spotter is an Ansible Playbook Scanning platform that offers valuable insights into your playbooks to help you optimize and maximize your automation. In this blog post, we will discuss Spotter’s Scan profiles, a feature that adds a new dimension to your Ansible Playbook scanning experience. Whether you want to improve your playbook, upgrade it, or ensure it will execute securely, the scan profiles ensure that the scan results meet your specific goals.

Let’s dive into a practical demonstration and begin with a simple Ansible Playbook with an array of tasks where we are leveraging multiple collections such as sensu.sensu_go, ansible.builtin, and community.crypto. We will use it to perform each scan using Scan Profiles.

- name: Sample playbook 
  hosts: localhost 
  tasks: 
    - name: Create a new Sensu Go user 
      sensu.sensu_go.user: 
        password: "{{ lookup('env', 'SENSU_USER_PASSWORD') }}" 
      when: true 

    - name: Get the payload from the API 
      uri: 
        url: "/some-url" 
        method: GET 
        user: "username1" 

    - name: Ensure server certificate matches private key 
      community.crypto.x509_certificate: 
        path: "{{ config_path }}/certificates/server.crt" 
        privatekey_path: "{{ config_path }}/certificates/server.key" 
        provider: assertonly 

    - name: Create example.com A record with value 127.0.0.1 
      inwx.collection.dns: 
        domain: example.com 
        type: A 
        value: 127.0.0.1 
        username: test_user 
        password: test_password 

    - name: Create AWS data pipeline 
      community.aws.data_pipeline: 
        name: test-dp 
        region: us-west-2 
        objects: "{{pipelineObjects}}" 
        parameters: "{{pipelineParameters}}" 
        values: "{{pipelineValues}}" 
        tags: 
          key1: val1 
          key2: val2 
        state: present 

When using the spotter scan command, the --profile option enables you to choose a scan profile that fits your needs. Presently, Steampunk Spotter offers three profiles:

Default Profile

The default profile is designed for everyday testing and Ansible Playbook improvement. It includes best practices, validations, and essential security checks, such as checks for the use of fully qualified collection names (FQCN), module redirections and deprecation warnings, collection version mismatches in requirements, best practice hints, and a lot more.

To use the default profile, run the spotter scan --profile default command.

If you run a general scan without specifying profiles, this is the profile that will be applied.

Full Profile

The full profile encompasses all the checks Spotter has to offer, including upgrade-related checks and the complete set of security-related checks. This profile proves invaluable when tackling Ansible upgrades, helping you update your Ansible Playbooks to work with the newest or a specific Ansible version. For instance, it allows you to see changes in default parameter values between module versions or check what is relevant for migration to the Ansible Automation Platform and execution environments.

To use the full profile, run the spotter scan --profile full command.

Security Profile

The security profile includes checks for potential security vulnerabilities, helping you focus only on secure execution.

To use the security profile, run the spotter scan --profile security command.
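
Hard-coded credentials, such as those in the sample playbook's inwx.collection.dns task, are a typical concern for secure execution. The revision below is an added illustration, not part of the original post and not Spotter output. It rewrites two of the sample tasks with a fully qualified module name and with secrets read from the environment, following the lookup pattern the first task already uses. The environment variable names INWX_USERNAME and INWX_PASSWORD are assumptions.

```yaml
- name: Sample playbook (credential handling revised)
  hosts: localhost
  tasks:
    - name: Get the payload from the API
      # Fully qualified collection name instead of the bare "uri"
      ansible.builtin.uri:
        url: "/some-url"
        method: GET
        user: "username1"

    - name: Create example.com A record with value 127.0.0.1
      inwx.collection.dns:
        domain: example.com
        type: A
        value: 127.0.0.1
        # Assumed variable names; values are read at run time
        # instead of being stored in the playbook
        username: "{{ lookup('env', 'INWX_USERNAME') }}"
        password: "{{ lookup('env', 'INWX_PASSWORD') }}"
      # Keep the credentials out of task output and logs
      no_log: true
```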

Steampunk Spotter: Ansible Playbook Scans, the way you envisioned it

Spotter’s scan profiles grant you the power to wield precision and focus in your Ansible Playbook scans, whether you’re improving or upgrading playbooks, or dealing with security issues.

Thank you for joining us on this exploration of enhanced Ansible Playbook scanning. If you wish to discover more about Steampunk Spotter and its remarkable features, give it a try!

Interested in Spotter, but don’t know how to start? Explore our Getting started guide.