Version information

  • 2.11.0 (latest)
  • 2.10.0
  • 2.9.0
  • 2.8.0
  • 2.7.0
  • 2.6.0
  • 2.5.0
  • 2.4.0
  • 2.3.0
  • 2.2.2
  • 2.2.1
  • 2.2.0
  • 2.1.0
  • 2.0.0
  • 1.0.5
  • 1.0.4
  • 1.0.3
  • 1.0.2
  • 1.0.1
  • 1.0.0
  • 0.9.0
released Jan 26th 2023
This version is compatible with:
  • Puppet Enterprise 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x
  • Puppet > 6.24 < 8.0.0
  • backup_assessor
  • ciscat_scan

You'll need Puppet Enterprise to use this module. You may also evaluate this module with Puppet Bolt for up to 90 days.

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'puppetlabs-comply', '2.11.0'

Add this module to your Bolt project:

bolt module add puppetlabs-comply

Manually install this module globally with Puppet module tool:

puppet module install puppetlabs-comply --version 2.11.0

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.



puppetlabs/comply — version 2.11.0 Jan 26th 2023

Puppet Comply

Puppet Comply is a tool that assesses the infrastructure you manage with Puppet Enterprise against CIS Benchmarks — the best practices for securely configuring systems from the Center for Internet Security (CIS).


This module is required by the Puppet Comply product and should only be used as per the complete install instructions.

There are two workflows for using the Comply module:

Using Replicated to host the Assessor

This is the default recommended workflow for using Comply. Comply hosts a copy of the latest Assessor. This path enables you to configure once, and allows Comply to easily upgrade your Assessor when you do a product upgrade. You can configure the service hosting the Assessor via KOTS to use certificates generated on your PE instance. Mutual TLS then provides a secure, authenticated connection between your nodes and Comply.

To generate the certificates on your PE instance, run the following:

[root@pe-instance-01 ~]# puppetserver ca generate --certname
Successfully saved private key for to /etc/puppetlabs/puppet/ssl/private_keys/
Successfully saved public key for to /etc/puppetlabs/puppet/ssl/public_keys/
Successfully submitted certificate request for
Successfully saved certificate for to /etc/puppetlabs/puppet/ssl/certs/
Certificate for was autosigned.

Then copy the ca.pem, public certificate and private key for your Comply instance to the KOTS config. Once deployed, the service will now be accessible to your nodes.
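Before the three files go into the KOTS config, a pre-flight check along these lines catches a certificate from the wrong CA, a mismatched private key, or a certificate close to expiry. This is an added example, not part of the comply module or the Comply documentation; the function name and the 30-day default are assumptions, and it assumes openssl is installed and the key is unencrypted.

```shell
#!/bin/sh
# Added example (not from the comply module): sanity-check the CA certificate,
# the Comply certificate and its private key before copying them to KOTS.
# Function name and the 30-day default are assumptions; requires openssl.
# Usage: sh check_bundle.sh CA_PEM CERT_PEM KEY_PEM [MIN_DAYS]

check_comply_mtls_bundle() {
    ca=$1; cert=$2; key=$3; min_days=${4:-30}; rc=0

    for f in "$ca" "$cert" "$key"; do
        [ -r "$f" ] || { echo "FAIL: cannot read $f" >&2; return 2; }
    done

    # 1. The certificate must chain to the CA the nodes trust (the PE CA).
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "FAIL: $cert is not signed by the CA in $ca" >&2; rc=1
    fi

    # 2. The private key must match the certificate: compare the public key
    #    embedded in the certificate with the one derived from the key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cert_pub=
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not belong to $cert" >&2; rc=1
    fi

    # 3. The certificate must stay valid for at least MIN_DAYS more days.
    if ! openssl x509 -in "$cert" -noout \
            -checkend $((min_days * 86400)) >/dev/null 2>&1; then
        echo "FAIL: $cert expires within $min_days days" >&2; rc=1
    fi

    # Print the identity so the operator can confirm it is the Comply host.
    if [ "$rc" -eq 0 ]; then
        openssl x509 -in "$cert" -noout -subject -enddate
    fi
    return "$rc"
}

# Run the check when the script is called with the three file paths.
if [ "$#" -ge 3 ]; then check_comply_mtls_bundle "$@"; fi
```

The function returns 0 only when all three checks pass, 1 when any check fails, and 2 when a file cannot be read.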

In order to keep you up to date, the version of the Assessor is embedded in the module. As such, when doing an upgrade of the Comply product, you should ensure that you have upgraded the module beforehand.

Using a privately hosted file

Alternatively, you can host the file privately elsewhere. If you choose this method, use the scanner_source parameter with the comply class. You may also need to disable the use_mtls parameter. The version of the Assessor is inferred from the file name, so for example if your scanner_source value was, Comply would infer this as being version 4.6.0 of the Assessor.


By default, Comply will install various dependencies required in order for the module and the CIS Assessor to function. Should you wish to configure what Comply manages, see the reference for more details.

Obtaining the Product

Please get in touch with a Puppet representative.