Set up Security Compliance Management
To start using Security Compliance Management (SCM), you must complete the setup process, using both Puppet Bolt and Puppet Enterprise (PE).
Before you set up Security Compliance Management, ensure that you have installed Puppet Bolt and Puppet Enterprise (PE) and have reviewed the System requirements.
- Install Security Compliance Management
Specify your initial configuration settings and deploy Security Compliance Management for the first time.
- Install Security Compliance Management on a host without SSH access
Create an air-gapped bundle from a Puppet Bolt project and copy the bundle to the install target. This bundle contains all the images and dependencies needed to install Security Compliance Management on the desired host.
- Install Security Compliance Management as a non-root user
You can install Security Compliance Management as a non-root user. After installing as a non-root user, the files are owned by the install user, not root.
- Configure Security Compliance Management mTLS certificates
If you want to manually provide your own mTLS certificates, follow this process to generate certificates for Security Compliance Management in Puppet Enterprise (PE). If you are using automatically generated mTLS certificates, you can skip this.
- Configure Security Compliance Management
Use the Security Compliance Management installer powered by Puppet Bolt to configure Security Compliance Management settings.
- Install the Security Compliance Management module
Install the Security Compliance Management module from Puppet Forge.
- Classify the nodes you want to scan
In Puppet Enterprise (PE), classify the nodes you want to scan. You can scan a maximum of 5000 nodes in a batch.
- Add your Puppet Enterprise credentials to Security Compliance Management
To allow Security Compliance Management to communicate with Puppet Enterprise, you must add your PE credentials to Security Compliance Management.
- Configure inventory refresh interval
Configure how often to poll Puppet Enterprise for changes to the inventory, including changes in node and fact information. By default, polling occurs every 24 hours.
- Configure data retention policy
Configure how long to retain scan data. By default, Security Compliance Management retains scan data indefinitely.