Steampunk Spotter
Achieve Compliant and Secure Ansible Automation – Explore Steampunk Spotter New Features
May 7, 2025 - Words by Maja Franko - 3 min read
We’re excited to introduce the latest updates to Steampunk Spotter. These new features give you even more control over your Ansible Playbooks — saving you time on manual reviews and ensuring consistent and validated Ansible content for all your workflows.
From AI-Powered Compliance Validation to CVE Analysis and Security Reports for Ansible Collections, these new features make it easier than ever to automate your playbooks and optimize compliance and security across your organization.
Let’s take a look at what’s new:
AI-Powered Compliance Validation
What it is: With AI-Powered Compliance Validation, you can easily apply custom policies tailored to specific compliance standards and benchmarks (like CIS RHEL and AWS) to your playbooks with just a few clicks.
What you can do with it:
Use AI-powered compliance validation to automatically validate and improve your Ansible Playbooks.
Test content pipelines and deploy versioned content to meet specific standards.
Enforce governance standards and implement regulatory initiatives.

Ansible Supply Chain Management
What it is: The Supply Chain Management feature allows you to control which third-party dependencies of your Ansible automation are allowed to be installed or used, including blocking certain Ansible modules or collections and enforcing approved Python versions.
What you can do with it:
Secure your infrastructure against vulnerable or unapproved Ansible modules, collections, and Python versions to reduce the risk of security breaches and unauthorized access.
Improve the security posture of Ansible Playbooks by blocking vulnerable components and ensuring consistency and compliance of your processes.
Maintain a clear audit trail for all Ansible content used in your organization, simplifying compliance reporting and risk assessments.

Use Software Bill of Materials (SBOM)
What it is: SBOM provides a comprehensive inventory of all dependencies and identifies and evaluates any vulnerabilities present within the execution environment in which your playbooks are executed.
What you can do with it:
Gain visibility into collection dependencies and potential vulnerabilities and decide which execution environments are safe to use.
Cross-compare different versions and choose the one with the fewest weaknesses.
Spot vulnerabilities early and keep these environments up to date, safe and secure.

Common Vulnerabilities and Exposures (CVE) Analysis and Security Reports for Ansible Collections
What it is: Building upon the extracted SBOM from your Ansible Playbooks, collections, and execution environments, Spotter evaluates them for known vulnerabilities and compiles them into actionable information. Think of it as a single pane of glass for all your Ansible content.
What you can do with it:
Know exactly what risks are associated with a collection or environment, before you use it, so you can make smarter decisions about your automation stack.
Check for potential issues and consider CVEs to ensure the security team is aware of these dependencies and potential threats before applying Ansible Playbooks.
Use dynamic Security Reports for Ansible Collections to assess the weaknesses and decide whether or not to use a particular execution environment.

Custom Policies Editor
What it is: You can now create and edit your custom policies directly in Spotter.
What you can do with it:
Enforce internal standards and ensure your playbooks are consistently aligned with organizational, compliance and security requirements.
Simplify policy management in your organization without the need for manual intervention.
Reduce time spent on corrections and manual reviews that would otherwise be error-prone and slow.

New Reporting Features
What it is: For regular monitoring, the Spotter reporting platform consolidates all your scan results into a single, easy-to-navigate view, giving you a comprehensive overview of your automation landscape. Now you can also use reporting to keep an eye on security risks in your Ansible Playbooks and execution environments, monitor Ansible upgrades and environment changes, and get an overview of Ansible code quality in a comprehensive dashboard.
What you can do with it:
Track security risks by using dynamic reports to identify vulnerabilities and risks in your Ansible Playbooks and collections.
Monitor upgrades to get a clear overview of version changes and migrations and stay ahead of Ansible updates.
Review your environments to understand how your execution environments are configured and used.

Are you ready to put these new features into practice?
With greater visibility, control, and built-in compliance checks, your team can scale automation securely and confidently. Steampunk Spotter simplifies compliance at every step by minimizing manual work, reinforcing security standards, and accelerating your automation journey.
Curious to see it in action? Log in to Spotter and explore the new features today.
