Steampunk Spotter
Using Spotter's Scan Profiles
August 29, 2023 - Words by The Spotter team - 2 min read
Steampunk Spotter is an Ansible Playbook Scanning platform that offers valuable insights into your playbooks to help you optimize and maximize your automation. In this blog post, we will discuss Spotter’s Scan profiles, a feature that adds a new dimension to your Ansible Playbook scanning experience. Whether you want to improve your playbook, upgrade it, or ensure it will execute securely, the scan profiles ensure that the scan results meet your specific goals.
Let’s dive into a practical demonstration and begin with a simple Ansible Playbook with an array of tasks where we are leveraging multiple collections such as sensu.sensu_go, ansible.builtin, and community.crypto. We will use it to perform each scan using Scan Profiles.
- name: Sample playbook
  hosts: localhost
  tasks:
    - name: Create a new Sensu Go user
      sensu.sensu_go.user:
        password: "{{ lookup('env', 'SENSU_USER_PASSWORD') }}"
      when: true
    - name: Get the payload from the API
      uri:
        url: "/some-url"
        method: GET
        user: "username1"
    - name: Ensure server certificate matches private key
      community.crypto.x509_certificate:
        path: "{{ config_path }}/certificates/server.crt"
        privatekey_path: "{{ config_path }}/certificates/server.key"
        provider: assertonly
    - name: Create example.com A record with value 127.0.0.1
      inwx.collection.dns:
        domain: example.com
        type: A
        value: 127.0.0.1
        username: test_user
        password: test_password
    - name: Create AWS data pipeline
      community.aws.data_pipeline:
        name: test-dp
        region: us-west-2
        objects: "{{pipelineObjects}}"
        parameters: "{{pipelineParameters}}"
        values: "{{pipelineValues}}"
        tags:
          key1: val1
          key2: val2
        state: present
When using the spotter scan command, the --profile option enables you to choose a scan profile that fits your needs. Presently, Steampunk Spotter offers three profiles:
Default Profile
The default profile is designed for everyday testing and Ansible Playbook improvement. It includes best practices, validations, and essential security checks. This includes checks for the use of FQCN, module redirections and deprecation warnings, requirements collection version mismatches, best practice hints and a lot more.
To use the default profile, run the spotter scan --profile default command.
If you run a general scan without specifying profiles, this is the profile that will be applied.
Full Profile
The full profile encompasses all the checks Spotter has to offer, including upgrade-related checks and the complete set of security-related checks. This profile proves invaluable when tackling Ansible upgrades, helping you update your Ansible Playbooks to work with the newest or a specific Ansible version. For instance, it allows you to see changes in default parameter values between module versions or check what is relevant for migration to the Ansible Automation Platform and execution environments.
To use the full profile, run the spotter scan --profile full command.
Security Profile
The security profile includes checks for potential security vulnerabilities, helping you focus only on secure execution.
To use the security profile, run the spotter scan --profile security command.
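To make two of the check types mentioned above concrete (FQCN use from the default profile, and a credential-handling check of the kind a security scan looks for), here is a small sketch run over the sample playbook's tasks. It is an added example, not Spotter's implementation or rule set: the task list is the sample playbook transcribed by hand into Python data, and the function names, the keyword list, the secret parameter names and the choice to treat a literal password as a finding are all assumptions.

```python
import re

# Task-level keywords that are not module names (subset; assumption for this sketch).
TASK_KEYWORDS = {"name", "when", "tags", "vars", "register", "loop", "become"}
# Parameter names treated as credentials (assumption, not Spotter's rule set).
SECRET_PARAMS = {"password", "passwd", "token", "api_key", "secret"}
# A fully qualified collection name has the form namespace.collection.module.
FQCN = re.compile(r"^[a-z0-9_]+\.[a-z0-9_]+\.[a-z0-9_]+$")

# Sample playbook tasks, transcribed by hand (only the fields the checks read).
TASKS = [
    {"name": "Create a new Sensu Go user",
     "sensu.sensu_go.user": {"password": "{{ lookup('env', 'SENSU_USER_PASSWORD') }}"},
     "when": True},
    {"name": "Get the payload from the API",
     "uri": {"url": "/some-url", "method": "GET", "user": "username1"}},
    {"name": "Ensure server certificate matches private key",
     "community.crypto.x509_certificate": {"provider": "assertonly"}},
    {"name": "Create example.com A record with value 127.0.0.1",
     "inwx.collection.dns": {"domain": "example.com", "username": "test_user",
                             "password": "test_password"}},
    {"name": "Create AWS data pipeline",
     "community.aws.data_pipeline": {"name": "test-dp", "state": "present"}},
]

def module_of(task):
    """Return (module_name, params): the one task key that is not a task keyword."""
    for key, value in task.items():
        if key not in TASK_KEYWORDS:
            return key, value if isinstance(value, dict) else {}
    raise ValueError("task has no module key")

def scan(tasks):
    """Return a list of (task name, check id, detail) findings."""
    findings = []
    for task in tasks:
        module, params = module_of(task)
        if not FQCN.match(module):
            findings.append((task["name"], "fqcn", module))
        for param, value in params.items():
            # A Jinja expression defers the value to runtime; a bare string is stored in the file.
            templated = isinstance(value, str) and "{{" in value
            if param in SECRET_PARAMS and not templated:
                findings.append((task["name"], "literal-secret", param))
    return findings

if __name__ == "__main__":
    for name, check, detail in scan(TASKS):
        print(f"{check:15} {detail:10} in task: {name}")
```

The Sensu Go task passes the credential check because its password comes from an environment lookup, while the DNS task keeps its password in the playbook file itself.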
Steampunk Spotter: Ansible Playbook Scans, the way you envisioned it
Spotter’s scan profiles grant you the power to wield precision and focus in your Ansible Playbook scans, whether you’re improving or upgrading playbooks, or dealing with security issues.
Thank you for joining us on this exploration of enhanced Ansible Playbook scanning. If you wish to discover more about Steampunk Spotter and its remarkable features, give it a try!
Interested in Spotter, but don’t know how to start? Explore our Getting started guide.