Assure Secure Playbook Execution 

Spotter makes sure all playbooks you run are executed securely by highlighting potential misconfigurations and security risks. It helps you understand potential outcomes when running playbooks and follow best practices to minimize security vulnerabilities and downtime.

When running a general scan, basic security checks are run automatically. If you want Spotter to check only for security-related issues, run the spotter scan --profile security command.

$ spotter scan --profile security playbook.yml

 > spotter scan --profile security playbook.yml
  playbook.yml:9:7: ERROR: [E903] Use a fully-qualified name, such as ansible.builtin.uri instead of uri.
  playbook.yml:21:7: WARNING: [W2600::B411] Issue found in the Python implementation of module inwx.collection.dns: Using xmlrpclib to parse untrusted XML data is known to be vulnerable to XML attacks. Use defused.xmlrpc.monkey_patch() function to monkey-patch xmlrpclib and mitigate XML vulnerabilities.
  playbook.yml:29:7: WARNING: [W2600::B324] Issue found in the Python implementation of module community.aws.data_pipeline: Use of weak MD5 hash for security. Consider usedforsecurity=False.
  ------------------------------------------------------------------------
  Spotter took 1.353 s to scan your input.
  It resulted in 1 error(s), 2 warning(s) and 0 hint(s).
  Overall status: ERROR
 >
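
An added example (not Spotter's own code): a small Python gate for CI that parses the text output shown above, splits codes such as W2600::B411 into the check and its sub-identifier, and fails closed when the parsed findings disagree with the summary line, for instance because a terminal wrapped a finding across lines. The function names parse_scan and gate, and the policy of blocking on every W2600 finding, are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample: the scan output shown above, one finding per line.
SAMPLE = """\
playbook.yml:9:7: ERROR: [E903] Use a fully-qualified name, such as ansible.builtin.uri instead of uri.
playbook.yml:21:7: WARNING: [W2600::B411] Issue found in the Python implementation of module inwx.collection.dns: Using xmlrpclib to parse untrusted XML data is known to be vulnerable to XML attacks. Use defused.xmlrpc.monkey_patch() function to monkey-patch xmlrpclib and mitigate XML vulnerabilities.
playbook.yml:29:7: WARNING: [W2600::B324] Issue found in the Python implementation of module community.aws.data_pipeline: Use of weak MD5 hash for security. Consider usedforsecurity=False.
------------------------------------------------------------------------
Spotter took 1.353 s to scan your input.
It resulted in 1 error(s), 2 warning(s) and 0 hint(s).
Overall status: ERROR
"""

# file:line:col: LEVEL: [CODE] or [CODE::SUB] followed by the message
FINDING = re.compile(
    r"^(?P<file>[^:\s]+):(?P<line>\d+):(?P<col>\d+): "
    r"(?P<level>ERROR|WARNING|HINT): "
    r"\[(?P<code>[A-Z]\d+)(?:::(?P<sub>[A-Z]\d+))?\] (?P<msg>.+)$"
)
MODULE = re.compile(r"implementation of module (?P<module>[\w.]+):")
SUMMARY = re.compile(r"(\d+) error\(s\), (\d+) warning\(s\) and (\d+) hint\(s\)")

def parse_scan(text):
    """Return (findings, summary); summary is None if no summary line was seen."""
    findings, summary = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = FINDING.match(line)
        if m:
            f = m.groupdict()
            f["line"], f["col"] = int(f["line"]), int(f["col"])
            mod = MODULE.search(f["msg"])
            f["module"] = mod.group("module") if mod else None
            findings.append(f)
        elif (s := SUMMARY.search(line)):
            summary = dict(zip(("ERROR", "WARNING", "HINT"), map(int, s.groups())))
    return findings, summary

def gate(text, block_levels=("ERROR",), block_codes=("W2600",)):
    """Return the findings that should block a pipeline (assumed policy)."""
    findings, summary = parse_scan(text)
    counts = Counter(f["level"] for f in findings)
    # Fail closed: a parser that missed a finding must not report a clean run.
    if summary is None or any(counts.get(k, 0) != v for k, v in summary.items()):
        raise ValueError("parsed findings do not match Spotter's summary line")
    return [f for f in findings if f["level"] in block_levels or f["code"] in block_codes]
```

A non-empty list from gate() is the signal to stop the pipeline; a ValueError means the output could not be trusted and should be treated the same way.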