Eliminate manual work from vulnerability management

Puppet Remediate helps organizations mitigate their security risks, enabling IT Ops to remediate vulnerabilities faster and at scale. It eliminates repetitive and error-prone steps in the vulnerability management workflow, from manual data handover between InfoSec and IT Ops to vulnerability prioritization and remediation.

Puppet Remediate includes the following key capabilities:

  • Shared vulnerability data: Integrates with the three major vulnerability assessment tools (Tenable, Qualys and Rapid7), eliminating the need for manual data handover from InfoSec to IT Ops;
  • Risk-based prioritization: Use your dashboard to see the most critical vulnerabilities, prioritized based on infrastructure context;
  • Task-based remediation: Allows you to run tasks to remediate vulnerabilities, at scale. You can upload your own scripts that Puppet Remediate converts to tasks, or use task-based modules from the Puppet Forge.

Vulnerability management is a job that can consume a lot of your workdays and weekends but leave you feeling like you haven't accomplished much. What if you could knock down the number of hours spent on vulnerability management? Check out this video to find more.

Download Puppet Remediate - Set up your trial in four easy steps

Installing Puppet Remediate is straightforward for most developers or admins, taking about 45 minutes on average. Setup time can vary if you have an existing Puppet license and have Docker installed on your server.

If you want to use the vulnerability scanner feature of Remediate, make sure you have credentials to the one of the following assessment tools: Rapid7 Nexpose, Rapid7 InsightVM, Tenable.io, or Qualys Vulnerability Management module. If you only want to use Remediate for infrastructure discovery, you do not need these credentials.

Let’s walk through each of the steps below to get running ASAP. Get more details from our documentation.


Step 1: Get a Puppet Remediate trial license

Your Puppet Remediate trial license unlocks full product functionality for 30 days.

  • Register for an account at licenses.puppet.com.
  • Click 'Get License'
  • Click '30-day Free Trial'
  • Download your license (json file)
  • Save your license to the directory where you plan to install Remediate.


Step 2: Install Docker on your server

You’ll need Docker and Docker Compose to run the Remediate Docker Compose file. 

docker swarm init


Step 3: Download the Remediate Docker Compose file

Download the Remediate Docker Compose file to the same directory of your license, and run the following commands ⁠(replacing your-license.json with your own license) :

docker-compose run remediate start --license-file your-license.json

The container images are pulled from the Google Cloud Registry.


Step 4: Sign in to Puppet Remediate

To access Remediate on a local server, the URL is https://localhost:8443, or port 8443 on the host where you installed Puppet Remediate.

Read and accept the software license agreement, and sign in to the Remediate console.


That’s it! Next you can add sources and credentials, and then get started prioritizing and fixing vulnerabilities. See the Remediate documentation to find out more.

Learn more about overcoming organizational silos between InfoSec and IT Ops

Silos between InfoSec and IT Ops in an organization might lead to poor infrastructure security and increase risks of external attacks. Using automated tools and more streamlined processes help InfoSec and IT Ops to work better together, achieving better compliance.

Watch this video to learn how to install Remediate

Watch a walkthrough of Remediate and its features