Welcome to Puppet Comply


Puppet Comply is a tool that assesses the infrastructure you manage with Puppet Enterprise against CIS Benchmarks — the best practices for securely configuring systems from the Center for Internet Security (CIS).

Using Comply, you can:

  • Run scans to check the compliance of your infrastructure against CIS Benchmarks.

  • Set your desired compliance — a default benchmark and profile that you want your scans to be measured against.

  • Customize profiles to specify which rules you want visible in scan reports.
  • Identify the cause and source of compliance failures, and determine what configuration changes must be made to which systems.

Comply uses Puppet Enterprise (PE) to retrieve node and fact information. Once you have installed Comply, you must configure it to integrate with PE.

If this is your first time using Comply, try out our Beginner’s guide to Comply.

Puppet Comply docs links Other useful places
Learn the basics:
Comply overview
Comply terminology
Beginner’s guide to Comply
Release notes
Install and configure Comply:
System requirements
Install Comply
Configure Comply
Run and manage CIS scans:
Run a CIS scan
Set desired compliance
Create a custom profile
View scan results
Comply videos:
Comply introduction and demo
Docs for related Puppet products:
Puppet Enterprise
Puppet Forge
Get help:
Support portal
How helpful was this page?

If you leave us your email, we may contact you regarding your feedback. For more information on how Puppet uses your personal information, see our privacy policy.

Puppet sites use proprietary and third-party cookies. By using our sites, you agree to our cookie policy.