Ansible Playbook Platform that scans, analyzes, enhances, and provides insights for your playbooks.
Steampunk Spotter is an Ansible Playbook Platform that scans, analyzes, enhances, and provides insights for your playbooks.
The Steampunk Spotter CLI enables the use from the console with the ability to scan Ansible content such as playbooks, roles, collections, or task files.
The following instructions explain how to get started with the Steampunk Spotter CLI to scan Ansible content and get recommendations.
Steampunk Spotter CLI requires Python 3 and is available as a steampunk-spotter Python package.
$ pip install steampunk-spotter
We recommend installing the package into a clean Python virtual environment.
After the CLI is installed, you can explore its commands and options by
running spotter --help.
The --help/-h option is also available for every command.
The current release version of Steampunk Spotter contains the following limitations that also apply to the CLI:
To use CLI, you have to supply your Steampunk Spotter user account credentials.
If you don't have an account, use spotter register command that will direct
you to the page where you can create one.
Steampunk Spotter supports two kinds of credentials: 1) API token (can be generated in the user settings within the Spotter App), and 2) username and password.
--token/-t global option to supply your token credential.
Alternatively, set the SPOTTER_TOKEN environment variable to contain
the API token.--username/-u and --password/-p global options to supply your
username and password. Alternatively, set the SPOTTER_USERNAME and
SPOTTER_PASSWORD environment variables.spotter <options> login to persist your credentials in the
Steampunk Spotter CLI's local storage, where <options> stand for one
of the approaches described above.After that, you can start scanning right away.
The CLI spotter scan command is used for scanning Ansible
content (playbooks, roles, collections, or task files) and returning the
scan results.
The scan command will automatically detect the type of your Ansible content
and scan it.
Here are some examples of running scans:
# scan playbook
$ spotter scan path/to/playbook.yaml
# scan multiple files at once
$ spotter scan path/to/taskfile.yaml \
path/to/playbook.yaml \
path/to/role \
path/to/collection
# scan any folder that contains Ansible content
$ spotter scan path/to/folder
This part is only relevant for users with a TEAM plan or higher.
By default, the scan results are stored in the first project of the user's first organization (in the app).
Users that have multiple organizations or projects in the app can use
--project-id option to specify the UUID of an existing target project, where
the scan result will be stored.
$ spotter scan --project-id <project-id> .
You can learn your project id by logging into the app, selecting the appropriate organization and navigating to the project's dashboard.
By default, CLI parses full Ansible YAML content with all values from
playbooks (e.g., parameter values from Ansible modules,
variables from Ansible plays, etc.).
With values, we can discover additional tips for improvements.
CLI will try to detect and omit any secrets (e.g., passwords, SSH keys,
cloud credentials, etc.) from being transmitted.
If you want to omit parsing and sending the values, you can use
--exclude-values option.
$ spotter scan --exclude-values playbook.yaml
By default, CLI collects metadata (i.e., file names, line, and column numbers,
YAML markers) from Ansible content.
This is needed for enriched user experience in the Spotter App and to get
additional tips for improvements.
If you want to use metadata just for displaying the scan output, which means
that no data about your Ansible content structure is sent to the backend
server, you can use --exclude-metadata option.
$ spotter scan --exclude-metadata playbook.yaml
There is also a --rewrite option that rewrites your files with fixes after
scanning.
This action will modify your files.
$ spotter scan --rewrite playbook.yaml
For more comprehensive usage, issue spotter scan --help.
Please refer to Steampunk Spotter Documentation for further instructions.
This tool was created by XLAB Steampunk, IT automation specialists and leading experts in building Enterprise Ansible Collections.
FAQs
Ansible Playbook Platform that scans, analyzes, enhances, and provides insights for your playbooks.
We found that steampunk-spotter demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.