What’s new in Spotter: Terraform Support and Extended Compliance Validation

We’re excited to share the latest updates to Steampunk Spotter. This round of releases brings the biggest expansion Spotter has seen since its launch: Terraform support, a redesigned compliance validation experience built around CIS Benchmarks and AI-generated policies, and a brand-new usage report that gives you visibility into how your teams are actually using Spotter. And this release adds support for the latest Ansible Core 2.20, so your teams stay current with the newest Ansible without missing a beat.

Spotter now improves the quality, security, and performance of your Ansible Playbooks and Terraform Plans. It helps teams trust every script run by scanning issues, validating best practices, and guiding upgrades – all in one place.

Let’s take a look at what’s new.

Support for Terraform: One Unified Platform

What it is: Spotter now extends its policy checking and compliance capabilities to Terraform infrastructure-as-code, enabling teams to manage security and best practices across both Ansible and Terraform under a single platform.

What you can do with it:

• Scan Terraform plans directly from the CLI. Terraform support in the Spotter CLI mirrors the existing Ansible experience, so the workflow is consistent across Ansible and Terraform.
• Catch security and best-practice issues out of the box. Built-in checks for Terraform providers flag risks before your infrastructure reaches production.
• Enforce your own organizational standards. Define custom policies for your organization — or import existingchecks directly into Spotter to extend provider coverage with rules your team already trusts.

Expanded Compliance Validation

Compliance shouldn’t require you to become a policy engineer. Spotter now offers three complementary approaches to compliance validation, each feeding into a single, prioritized risk assessment across your playbooks. The custom policy view has also been redesigned so you can sort, group, and organize generated policies by CIS Benchmark or by collection — making large policy libraries far easier to navigate.

1. CIS Benchmark Validation

What it is: Prebuilt REGO policy libraries built for major CIS Benchmarks, enabling consistent compliance validation across automation workflows. They are delivered as ZIP archives and ready to import into Spotter via the Custom Policies interface or CLI.

What you can do with it:

• Accelerate compliance adoption without building policies from scratch.
• Standardize security controls across teams with consistent, well-tested rules.
• Continuously validate your automation against industry best practices — and stay aligned with CIS standards as they evolve.

Currently available benchmarks include CIS Cisco IOS (new), CIS RHEL10 (new), and CIS RHEL9, RHEL8, Azure, AWS, and Windows.

2. Collections-Based Validation

What it is: Spotter automatically identifies misconfiguration risks in specific Ansible collections by analyzing their documentation, full specification, and external knowledge about the systems they manage — then generates matching REGO policies.

What you can do with it:

• Extend policy coverage to any collection in your environment without hand-authoring REGO.
• Start with out-of-the-box coverage for ansible.builtin and cisco.ios.
• Request on-demand coverage for other collections from the Spotter team, delivered as a ZIP archive for import through the Custom Policies interface or CLI.

3. Policy-as-Code with the AI Policy Generator

What it is: When existing policies don’t cover a specific requirement, Spotter can generate new REGO policies from plain-language descriptions using AI.

What you can do with it:

• Describe a rule in plain language and get a working REGO policy back.
• Lower the barrier to custom policy authoring — no deep REGO expertise required.
• Import generated policies directly into Spotter through the Custom Policies interface or the CLI.

Once your policies are in place — whether they came from CIS benchmarks, collection-based generation, or the AI Policy Generator — Spotter runs a full playbook risk assessment, producing a prioritized view of security risks and vulnerabilities along with actionable remediation guidance. It’s the consolidated output your security, platform, and automation teams can all work from.

Usage Reports: See How Spotter Is Being Used Across Your Organization

What it is: A new usage report that gives you visibility into how Spotter is being adopted across your teams, with metrics designed for both internal teams and end customers.

What you can do with it:

• For on-premises deployments, view key usage statistics directly within the Spotter interface, and export selected sections to PDF to share with stakeholders.
• Make the case for automation. Usage data makes it much easier to show the impact of Spotter inside your organization — from adoption trends to which checks are catching the most issues.

See it Live at Red Hat Summit 2026

Experience everything new in Spotter firsthand at Red Hat Summit 2026 next week.

Stop by our booth #P6 for a live demo personalized to your specific needs, hear how leading enterprises are using Spotter to modernize automation, and talk with the XLAB Steampunk team about how we can bring more clarity, control, and speed to your own workflows.

You can also book an onsite meeting with our expert team for a deeper dive into your automation challenges.