Learn how to interact with the diverse set of endpoints and harness the power of REST
architecture in integrating with and extending the functionality of Comply. This tutorial guides you through running an ad-hoc
scan in Comply using the API.
Before you begin
Make sure that you have read the Authentication section and have a personal access token. You need the
personal access token you created in Create and manage personal access tokens as a user. It is required for
authentication.
You also need to have comply-operator
or
comply-admin
permissions on the token to trigger an ad-hoc
scan.
-
Optional:
Get the host's information. This step can be skipped if you do not want to run
a scan on a particular host.
curl --request GET \
--url http://<COMPLY-HOSTNAME>:8088/api/public/v1/hosts \
--header 'Authorization: Bearer <TOKEN>'
This returns something similar to:
{
"data": [
{
"id": 1,
"name": "00.example.puppet.net",
"environment": "development",
"assessor_version": "4.41.0",
"operating_system": {
"id": 9,
"name": "AlmaLinux 8"
}
},
...
{
"id": 10,
"name": "09.example.puppet.net",
"environment": "production",
"assessor_version": "4.41.0",
"operating_system": {
"id": 45,
"name": "Debian 12"
}
}
],
"total": 100,
"next": "/api/public/v1/hosts?offset=10&limit=10",
"offset": 0,
"limit": 10
}
From this you can extract the name of the hosts.
-
Get the operating system information.
curl --request GET \
--url 'http://<COMPLY_HOSTNAME>:8088/api/public/v1/operating-systems' \
--header 'Authorization: Bearer <TOKEN>'
This returns something similar to:
[
{
"id": 8,
"name": "CentOS 7",
"compatible_benchmarks": [
{
"id": 8,
"name": "4.0.0 CIS CentOS Linux 7"
}
]
},
...
{
"id": 3,
"name": "macOS 13.0",
"compatible_benchmarks": [
{
"id": 3,
"name": "2.0.0 CIS Apple macOS 13.0 Ventura"
}
]
}
]
From this you can extract the name of the operating system.
-
Run the ad-hoc scan on nodes with specified hostnames, operating systems, and
environment and node groups. Pass these as a filter object of the request
body.
curl --request POST \
--url http://<COMPLY_HOSTNAME>:8088/api/public/v1/scan \
--header 'Authorization: Bearer <TOKEN>' \
--header 'Content-Type: application/json' \
--data '{
"scan-type": "desired",
"filters": {
"operating_systems": [
"redhat 7",
"redhat 8"
]
}
}'
This triggers a scan on all Red Hat 7 and Red
Hat 8 nodes in the Puppet Enterprise
inventory.
-
Optional:
You can run a scan on particular hosts using the hostnames gathered from Step
1.
curl --request POST \
--url http://<COMPLY_HOSTNAME>:8088/api/public/v1/scan \
--header 'Authorization: Bearer <TOKEN>' \
--header 'Content-Type: application/json' \
--data '{
"scan-type": "desired",
"filters": {
"hostnames": [
"00.example.puppet.net"
]
}
}'
This triggers a scan on the 00.example.puppet.net
host.