

This puppet module configures foreman_scap_client.



Version information

  • 1.0.0 (latest)
  • 0.4.0
  • 0.3.23
  • 0.3.22
  • 0.3.21
  • 0.3.20
  • 0.3.19
  • 0.3.18
  • 0.3.16
  • 0.3.15
  • 0.3.14
  • 0.3.13
  • 0.3.12 (deleted)
  • 0.3.11
  • 0.3.10
  • 0.3.9
released Nov 8th 2023
This version is compatible with:
  • Puppet Enterprise 2023.7.x, 2023.6.x, 2023.5.x, 2023.4.x, 2023.3.x, 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x
  • Puppet >= 7.0.0 < 9.0.0

Start using this module


Add this module to your Puppetfile:

mod 'theforeman-foreman_scap_client', '1.0.0'

Add this module to your Bolt project:

bolt module add theforeman-foreman_scap_client

Manually install this module globally with Puppet module tool:

puppet module install theforeman-foreman_scap_client --version 1.0.0

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.



theforeman/foreman_scap_client — version 1.0.0 Nov 8th 2023

Foreman SCAP client Puppet Module

Foreman SCAP client Puppet Module configures foreman_scap_client to run scans and upload results to foreman proxy.


This puppet module will automatically install foreman_scap_client (if not installed) and will configure /etc/foreman_scap_client/config.yaml with parameters which are needed for the operation of foreman_scap_client.


  • 'server': configures the proxy server
  • 'port': configures the proxy server's port
  • 'ca_file': path to file of certification authority that issued client's certificate
  • 'host_certificate': path to host certificate, may be puppet agent certificate or katello certificate
  • 'host_private_key': path to host private key, may be puppet agent private key or katello private key
  • 'policies': Array of policies that should be configured
  • 'foreman_repo_rel': add / manage foreman-plugins yum repo and set to release version. Eg '1.14'
  • 'foreman_repo_key': RPM Key source file for foreman-plugins repo. Note: Currently, packages are not signed. Unless set to an alternative file source, URL will be used.
  • 'foreman_repo_src': Alternative baseurl for The Foreman plugins repository
  • 'foreman_repo_gpg_chk': Enable / disable GPG checks. Directly passed to Yumrepo resource
  • 'package_name': Name of the package that will be installed. The default is platform specific.
  • 'package_provider': Puppet provider to use to install the package, defaults to automatic detection
  • 'install_options': Additional options for client package installation
  • 'cron_template': Path to cron template
  • 'cron_splay': Upper limit for splay time when sending reports to proxy
  • 'fetch_remote_resources': Whether client should fetch referenced resources that are remote
  • 'http_proxy_server': HTTP proxy server
  • 'http_proxy_port': HTTP proxy port

For detailed info on the parameters see documentation on manifests/init.pp & manifests/params.pp

Sample Usage

The following example ensures that every week an SCAP audit is executed and the results are sent to proxy at The example will automatically attempt to install foreman_scap_client on the system. If you do not want to use a tailoring file with a policy, pass an empty string to "tailoring_path".

class { 'foreman_scap_client':
  server           => '',       # proxy server that receives the reports
  port             => '8443',   # proxy server's port
  foreman_repo_rel => '1.14',
  foreman_repo_key => '/net/share/foreman-gpg-rpm-key',
  policies         => [{
    # Schedule (cron fields): every Monday at 12:01
    "id"                      => 1,
    "hour"                    => "12",
    "minute"                  => "1",
    "month"                   => "*",
    "monthday"                => "*",
    "weekday"                 => "1",
    "profile_id"              => '',
    # SCAP content on the client and where to download it from the proxy
    "content_path"            => '/usr/share/xml/scap/ssg/fedora/ssg-fedora-ds.xml',
    "download_path"           => '/compliance/policies/1/content',
    # Tailoring file; pass '' as tailoring_path to scan without one
    "tailoring_path"          => '/var/lib/openacap/ssg-fedora-ds-tailored.xml',
    "tailoring_download_path" => "/compliance/policies/1/tailoring"
  }],
}
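
A variant of the declaration above that pins the TLS client identity explicitly and scans without a tailoring file. This is an added example, not taken from the module's documentation; the proxy hostname and the Puppet agent certificate paths are assumptions to adjust for your environment.

```puppet
# Added example. 'proxy.example.com' is a constructed hostname and the
# certificate paths assume a standard Puppet agent SSL directory layout.
class { 'foreman_scap_client':
  server                 => 'proxy.example.com',
  port                   => '8443',

  # Client identity presented to the proxy: reuse the Puppet agent's
  # certificate and key, and trust only the CA that issued them.
  ca_file                => '/etc/puppetlabs/puppet/ssl/certs/ca.pem',
  host_certificate       => "/etc/puppetlabs/puppet/ssl/certs/${trusted['certname']}.pem",
  host_private_key       => "/etc/puppetlabs/puppet/ssl/private_keys/${trusted['certname']}.pem",

  # Do not fetch remote resources referenced by the SCAP content;
  # the scan then uses only the content delivered through the proxy.
  fetch_remote_resources => false,

  policies               => [{
    'id'             => 1,
    'hour'           => '12',
    'minute'         => '1',
    'month'          => '*',
    'monthday'       => '*',
    'weekday'        => '1',
    'profile_id'     => '',
    'content_path'   => '/usr/share/xml/scap/ssg/fedora/ssg-fedora-ds.xml',
    'download_path'  => '/compliance/policies/1/content',
    # Empty string: run this policy without a tailoring file.
    'tailoring_path' => '',
  }],
}
```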

Usage with foreman_openscap

When using this module together with foreman_openscap, no further configuration should be necessary, as the values are provided by Foreman's ENC. However, verify the values for server, port and policies after importing the class; the policies should be <%= @host.policies_enc %>

Releasing on puppet forge

We use the blacksmith project to do the release. All you need to do is configure theforeman credentials in ~/.puppetforge.yml and then call the release task from the upstream repo like this:

bundle exec rake strings:generate:reference
bundle exec rake module:release