Key Takeaways From Puppetize 2021

Puppetize Digital 2021, a free event spanning multiple regions (Asia Pacific, Europe and the Americas), focused primarily on how Puppet helps customers navigate the challenges of today’s increasingly hybrid-cloud world by meeting them where they are and taking them to where they need to be.

To that end, Puppet has made some exciting announcements regarding new products, features, and partnerships.

Malware scanner for Forge

For example, Puppet announced a malware scanner feature for newly published modules on the Forge, Puppet’s module marketplace, in order to combat security risks and increase the security profile of customers using those modules. The rollout targets supported modules and will cover all newly published modules by the end of the year. 

In the first quarter of 2021, supply chain attacks rose by 42 percent and impacted roughly seven million people, leading IT admins to require more secure automation code. To avoid security vulnerabilities and actual intrusions into their infrastructures, users are expected to audit code, report and correct vulnerabilities, and avoid downloading modules with compromised systems. In addition, many site policies do not allow use of public code unless it has been scanned. With Puppet’s latest malware module scanning feature, users will have a more streamlined process for downloading pre-scanned modules in order to comply with strict site policies and consume modules more readily.

ServiceNow integration

As a member of the ServiceNow Partner Program, Puppet has now also joined the ServiceNow Service Graph Connector Program by integrating its flagship product, Puppet Enterprise, with Service Graph. The Service Graph Connector for Puppet integration helps ServiceNow customers to quickly, easily, and reliably ingest relevant and accurate data from Puppet-managed assets into ServiceNow’s CMDB to make informed decisions across hybrid infrastructures.

Earlier this year, Puppet announced Puppet Spoke, an action engine that can be used to build self-service workflows via the ServiceNow IntegrationHub. ServiceNow teams can build, test, and deploy new functionality faster using the Puppet Spoke in conjunction with the enriched CMDB data. The integration gives ServiceNow customers direct access to the automation power of the Puppet engine. Those using ServiceNow can take advantage of a broad set of actions that Puppet enables, from restarting services to patching machines directly in the ServiceNow platform.

Policy-as-code Compliance Enforcement Modules

Puppet also launched Compliance Enforcement Modules to provide customers with turnkey compliance remediation and enforcement of policy-as-code directly aligned to Center for Internet Security Benchmarks (CIS) for both Windows and Linux. The Compliance Enforcement Modules will be bundled into Puppet Comply, which works with Puppet Enterprise to assess, remediate, and enforce infrastructure configuration compliance policies at scale across traditional and cloud environments.

With more new vulnerabilities reported in 2020 than in any year in history and an increased focus on industry regulatory standards that harden images and fortify security, there is a heightened focus on maintaining infrastructure security compliance across environments. Failure to comply with regulatory standards can lead to failed audits or risk assessments, putting an organization at risk of everything from lost business to exorbitant fines. The ability to automate the security compliance process to drive increased visibility and quick remediation is a top priority for companies within highly regulated environments or those that are experiencing increased attacks.

With the latest investments and innovations from Puppet, Puppet Comply customers can now more quickly identify the cause and source of compliance failures and determine the correct configuration changes within minutes rather than weeks.