Assure Secure Playbook Execution
Spotter makes sure all playbooks you run are executed securely by highlighting potential misconfigurations and security risks. It helps you understand potential outcomes when running playbooks and follow best practices to minimize security vulnerabilities and downtime.
When running a general scan, basic security checks run automatically, but if you want Spotter to check only for security-related issues, you can do so by running the spotter scan --profile security command.
spotter scan --profile security playbook.yml
playbook.yml:9:7: ERROR: [E903] Use a fully-qualified name, such as ansible.builtin.uri instead of uri.
playbook.yml:21:7: WARNING: [W2600::B411] Issue found in the Python implementation of module inwx.collection.dns: Using xmlrpclib to parse untrusted XML data is known to be vulnerable to XML attacks. Use defused.xmlrpc.monkey_patch() function to monkey-patch xmlrpclib and mitigate XML vulnerabilities.
playbook.yml:29:7: WARNING: [W2600::B324] Issue found in the Python implementation of module community.aws.data_pipeline: Use of weak MD5 hash for security. Consider usedforsecurity=False.
------------------------------------------------------------------------
Spotter took 1.353 s to scan your input.
It resulted in 1 error(s), 2 warning(s) and 0 hint(s).
Overall status: ERROR
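As an added example (not Spotter's own code; it assumes only the text output format shown above), this Python script parses the scan output into findings, re-joins message lines that a terminal wrapped, and gates a CI job on them by severity, so an E903 error fails the build while a reviewed exception can be allow-listed by code:

```python
from __future__ import annotations
import re
from dataclasses import dataclass
# One finding line as Spotter prints it: "<file>:<line>:<col>: <LEVEL>: [<CODE>] <message>"
FINDING_RE = re.compile(
    r"^(?P<path>[^:\s]+):(?P<line>\d+):(?P<col>\d+): "
    r"(?P<level>ERROR|WARNING|HINT): \[(?P<code>[^\]]+)\] (?P<msg>.*)$"
)
# Constructed sample: the scan output shown above, re-wrapped the way a terminal copy often is.
SAMPLE = """\
playbook.yml:9:7: ERROR: [E903] Use a fully-qualified name, such as ansible.builtin.uri
instead of uri.
playbook.yml:21:7: WARNING: [W2600::B411] Issue found in the Python implementation of
module inwx.collection.dns: Using xmlrpclib to parse untrusted XML data is known to be
vulnerable to XML attacks. Use defused.xmlrpc.monkey_patch() function to monkey-patch xmlrpclib and mitigate XML vulnerabilities.
playbook.yml:29:7: WARNING: [W2600::B324] Issue found in the Python implementation of module
community.aws.data_pipeline: Use of weak MD5 hash for security. Consider usedforsecurity=False.
Spotter took 1.353 s to scan your input.
It resulted in 1 error(s), 2 warning(s) and 0 hint(s).
Overall status: ERROR
"""

@dataclass
class Finding:
    path: str
    line: int
    col: int
    level: str
    code: str
    message: str

def parse_spotter_output(text: str) -> list[Finding]:
    """Turn scan output into Finding records; wrapped continuation lines are re-joined."""
    findings: list[Finding] = []
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith(("---", "Spotter took", "It resulted in", "Overall status")):
            continue  # trailer/summary lines carry no finding
        m = FINDING_RE.match(line)
        if m:
            findings.append(Finding(m["path"], int(m["line"]), int(m["col"]),
                                    m["level"], m["code"], m["msg"].strip()))
        elif findings:  # no location prefix: it is the rest of the previous message
            findings[-1].message += " " + line
    return findings

def gate(findings, fail_on=("ERROR",), ignore_codes=()):
    """CI gate: (passes, blocking findings). Ignored codes should be reviewed exceptions only."""
    blocking = [f for f in findings if f.level in fail_on and f.code not in ignore_codes]
    return not blocking, blocking
```

Raising fail_on to include WARNING turns the two Bandit-derived findings (B411, B324) into blockers as well, which is the stricter setting to use once the playbook's module dependencies are under your control.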