System requirements

Refer to these system requirements to allow your Puppet Comply application to connect to Puppet Enterprise (PE).

Open port requirements

Comply is deployed on a Kubernetes cluster that requires the following ports:


Port	Protocol	Purpose	Source	Destination
PE ports
8140	TCP	Preflight checks	Comply	Puppet primary server
8143	TCP	PE integration	Comply	PE Orchestrator
8081	TCP	PE integration	Comply	PuppetDB
4433	TCP	PE integration	Comply	PE RBAC
Comply ports
443	TCP	Comply access	User browser	Comply UI
443	TCP	Sending reports	Scan target node	Comply server
30303	TCP	Assessor downloads and sending reports	Scan target node	Comply

Tip: Port 30303 is not required if you bring your own ingress. You can also set a custom Comply port in the Comply port field on the Config tab in Puppet Application Manager if you do not want to use port 30303.

Supported Puppet Enterprise versions

The following versions of Puppet Enterprise (PE) are supported for use with Comply:


PE version
2023.0 and later
2021.7.2 and later

For more information about PE versions, see Puppet Enterprise lifecycle policy.

Java Runtime Environment requirements

If you install the Comply module with the default setting of true for the manage_java option, the correct version of Java Runtime Environment (JRE) is installed automatically, and no further action is required.

Restriction: You cannot use the manage_java option on some operating systems, such as Ubuntu 16.04 and Mac OS X.

If you are independently managing JRE, ensure that the appropriate version is installed on the host system where the CIS-CAT Pro Assessor resides. JRE v1.8 or later is required. For the latest information about JRE requirements, see the CIS-CAT Pro Assessor Configuration Guide.