Eliminate manual work from vulnerability management

Puppet Remediate helps organizations mitigate their security risks, enabling IT Ops to remediate vulnerabilities faster and at scale. It eliminates repetitive and error-prone steps in the vulnerability management workflow, from manual data handover between InfoSec and IT Ops to vulnerability prioritization and remediation.

Puppet Remediate includes the following key capabilities:

  • Shared vulnerability data: Integrates with the three major vulnerability assessment tools (Tenable, Qualys and Rapid7), eliminating the need for manual data handover from InfoSec to IT Ops;
  • Risk-based prioritization: Use your dashboard to see the most critical vulnerabilities, prioritized based on infrastructure context;
  • Agentless remediation: Allows you to remediate vulnerabilities at scale by uploading your own scripts or using existing modules from Puppet Forge.

Vulnerability management is a job that can consume a lot of your workdays and weekends but leave you feeling like you haven't accomplished much. What if you could knock down the number of hours spent on vulnerability management? Check out this video to find more.

Download Puppet Remediate - Set up your trial in four easy steps

Installing Puppet Remediate is straightforward for most developers or admins, taking about 45 minutes on average. Setup time can vary if you have an existing Puppet license and have Docker installed on your server.

If you want to use the vulnerability scanner feature of Remediate, make sure you have credentials to the one of the following assessment tools: Rapid7 Nexpose, Rapid7 InsightVM, Tenable.io, or Qualys Vulnerability Management module. If you only want to use Remediate for infrastructure discovery, you do not need these credentials.

Let’s walk through each of the steps below to get running ASAP. Get more details from our documentation.


Step 1: Get a Puppet Remediate trial license

Your Puppet Remediate trial license unlocks full product functionality for 30 days.

  • Before you begin, ensure your machine meets Remediate’s system requirements.
  • Register for an account at licenses.puppet.com
  • Click 'Get License'
  • Click '30-day Free Trial'
  • Download your license (json file)
  • Save your license to the directory where you plan to install Remediate


Step 2: Install Docker on your server

You’ll need Docker and Docker Compose to run the Remediate Docker Compose file. 

  • Download Docker for your operating system:
  • Install Docker Compose
    Note: If you are installing Docker Compose on Windows, create a new a new environment variable called COMPOSE_CONVERT_WINDOWS_PATHS and set it to 1.
    For more information about setting environment variables for Docker Compose, see the Docker Compose documentation.
  • Initialize Docker Swarm, run the following command:
docker swarm init


Step 3: Download the Remediate Docker Compose file

Download the Remediate Docker Compose file to the same directory of your license, and run the following commands ⁠(replacing your-license.json with your own license) :

docker-compose run remediate start --license-file your-license.json

The container images are pulled from the Google Cloud Registry.


Step 4: Sign in to Puppet Remediate

To access Remediate on a local server, the URL is https://localhost:8443, or port 8443 on the host where you installed Puppet Remediate.

Read and accept the software license agreement, and sign in to the Remediate console.


That’s it! Next you can add sources and credentials, and then get started prioritizing and fixing vulnerabilities. See the Remediate documentation to find out more.

More resources

Eliminate silos between InfoSec and IT Ops

Silos between InfoSec and IT Ops in an organization might lead to poor infrastructure security and increase risks of external attacks. Using automated tools and more streamlined processes help InfoSec and IT Ops to work better together, achieving better compliance.

Read more about vulnerability management

In a recent blog post our Product team covers how vulnerability management can be a soul-crushing job and what improvements you can make to your current process without major changes in your team and the way you work.

Remediate solution brief

Puppet Remediate eliminates repetitive and error-prone steps in the vulnerability management workflow, from manual data handover between InfoSec and IT Ops to vulnerability prioritization and remediation.

Watch to learn how to install Puppet Remediate

Follow along with Jonathan Stewart as he walks you through the 4 steps for installing Remediate: getting a Remediate trial license, installing Docker on your server, downloading the Remediate Docker Compose file, and signing in to Remediate.

Learn how to use Puppet Remediate

Puppet Remediate makes it easy to see all vulnerabilities affecting your infrastructure and drill down into each one for more detail and remediation instructions. Watch the video to see it in action.