{"id":15175986,"url":"https://github.com/hashicorp/packer-plugin-puppet","last_synced_at":"2025-10-01T14:31:13.393Z","repository":{"id":46130788,"uuid":"358037213","full_name":"hashicorp/packer-plugin-puppet","owner":"hashicorp","description":"This Packer provisioner has been archived due to it no longer being maintained. Users are encouraged to use the shell or shell-local\nprovisioner to run the provisioning tools made available by this plugin. If interested in maintaining this plugin please reach out to\nus at packer@hashicorp.com.\n","archived":true,"fork":false,"pushed_at":"2021-11-11T20:40:26.000Z","size":656,"stargazers_count":3,"open_issues_count":2,"forks_count":5,"subscribers_count":8,"default_branch":"main","last_synced_at":"2025-07-01T06:05:13.264Z","etag":null,"topics":["packer","packer-plugin","puppet","puppet-masterless","puppet-server"],"latest_commit_sha":null,"homepage":"https://www.packer.io/docs/provisioners/puppet/puppet-masterless","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hashicorp.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":".github/CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null}},"created_at":"2021-04-14T20:42:50.000Z","updated_at":"2024-09-29T13:08:19.000Z","dependencies_parsed_at":"2022-09-11T22:51:25.152Z","dependency_job_id":null,"html_url":"https://github.com/hashicorp/packer-plugin-puppet","commit_stats":null,"previous_names":[],"tags_count":4,"template":false,"template_full_name":"hashicorp/packer-plugin-scaffolding","purl":"pkg:github/hashicorp/packer-plugin-puppet","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hashicorp%2Fpacker-plugin-puppet","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hashicorp%2Fpacker-plugin-puppet/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hashicorp%2Fpacker-plugin-puppet/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hashicorp%2Fpacker-plugin-puppet/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hashicorp","download_url":"https://codeload.github.com/hashicorp/packer-plugin-puppet/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hashicorp%2Fpacker-plugin-puppet/sbom","scorecard":{"id":457107,"data":{"date":"2025-08-11","repo":{"name":"github.com/hashicorp/packer-plugin-puppet","commit":"0fb3941023e2d2f70da240b8d541df8dde46e312"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.6,"checks":[{"name":"Code-Review","score":1,"reason":"Found 2/18 approved changesets -- score normalized to 1","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/release.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Maintained","score":0,"reason":"project is archived","details":["Warn: Repository is archived."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/hashicorp/packer-plugin-puppet/release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/hashicorp/packer-plugin-puppet/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/hashicorp/packer-plugin-puppet/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/hashicorp/packer-plugin-puppet/release.yml/main?enable=pin","Info:   0 out of   2 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   2 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Mozilla Public License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":8,"reason":"4 out of the last 4 releases have a total of 4 signed artifacts.","details":["Info: signed release artifact: packer-plugin-puppet_v1.0.1_SHA256SUMS.sig: https://github.com/hashicorp/packer-plugin-puppet/releases/tag/v1.0.1","Info: signed release artifact: packer-plugin-puppet_v1.0.0_SHA256SUMS.sig: https://github.com/hashicorp/packer-plugin-puppet/releases/tag/v1.0.0","Info: signed release artifact: packer-plugin-puppet_v0.0.2_SHA256SUMS.sig: https://github.com/hashicorp/packer-plugin-puppet/releases/tag/v0.0.2","Info: signed release artifact: packer-plugin-puppet_v0.0.1_SHA256SUMS.sig: https://github.com/hashicorp/packer-plugin-puppet/releases/tag/v0.0.1","Warn: release artifact v1.0.1 does not have provenance: https://api.github.com/repos/hashicorp/packer-plugin-puppet/releases/52171189","Warn: release artifact v1.0.0 does not have provenance: https://api.github.com/repos/hashicorp/packer-plugin-puppet/releases/44577333","Warn: release artifact v0.0.2 does not have provenance: https://api.github.com/repos/hashicorp/packer-plugin-puppet/releases/42790718","Warn: release artifact v0.0.1 does not have provenance: https://api.github.com/repos/hashicorp/packer-plugin-puppet/releases/41729494"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: github.com/hashicorp/.github/SECURITY.md:1","Info: Found linked content: github.com/hashicorp/.github/SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/hashicorp/.github/SECURITY.md:1","Info: Found text in security policy: github.com/hashicorp/.github/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 16 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"26 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2022-0635","Warn: Project is vulnerable to: GO-2022-0646","Warn: Project is vulnerable to: GO-2022-0586 / GHSA-28r2-q6m8-9hpx / GHSA-cjr4-fv6c-f3mv / GHSA-fcgg-rvwg-jv58 / GHSA-x24g-9w7v-vprh","Warn: Project is vulnerable to: GO-2023-1578 / GHSA-jpxj-2jvg-6jv9","Warn: Project is vulnerable to: GO-2024-2947 / GHSA-v6v8-xj6m-xwqh","Warn: Project is vulnerable to: GO-2022-0968 / GHSA-gwc9-m7rh-j2ww","Warn: Project is vulnerable to: GO-2021-0356 / GHSA-8c26-wmh5-6g9v","Warn: Project is vulnerable to: GO-2024-2961","Warn: Project is vulnerable to: GO-2023-2402 / GHSA-45x7-px36-x8w8","Warn: Project is vulnerable to: GO-2024-3321 / GHSA-v778-237x-gjrc","Warn: Project is vulnerable to: GO-2025-3487 / GHSA-hcg3-q754-cr77","Warn: Project is vulnerable to: GO-2022-0288","Warn: Project is vulnerable to: GO-2022-0969 / GHSA-69cg-p879-7622","Warn: Project is vulnerable to: GO-2022-1144 / GHSA-xrjj-mj9h-534m","Warn: Project is vulnerable to: GO-2023-1571 / GHSA-vvpx-j8f3-3w6h","Warn: Project is vulnerable to: GO-2023-1988 / GHSA-2wrh-6pvc-2jm9","Warn: Project is vulnerable to: GO-2023-2102 / GHSA-4374-p667-p6c8","Warn: Project is vulnerable to: GHSA-qppj-fm5r-hxr3","Warn: Project is vulnerable to: GO-2024-2687 / GHSA-4v7x-pqxf-cx7m","Warn: Project is vulnerable to: GO-2024-3333","Warn: Project is vulnerable to: GO-2025-3503 / GHSA-qxp5-gwg8-xv66","Warn: Project is vulnerable to: GO-2025-3595 / GHSA-vvgc-356p-c3xw","Warn: Project is vulnerable to: GO-2022-0493 / GHSA-p782-xgp4-8hr8","Warn: Project is vulnerable to: GO-2022-1059 / GHSA-69ch-w2m2-3vjp","Warn: Project is vulnerable to: GO-2024-2631 / GHSA-c5q2-7r4c-mv6g","Warn: Project is vulnerable to: GO-2022-0603 / GHSA-hp87-p4gw-j4gq"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-19T10:00:14.768Z","repository_id":46130788,"created_at":"2025-08-19T10:00:14.768Z","updated_at":"2025-08-19T10:00:14.768Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":277854310,"owners_count":25889052,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-01T02:00:09.286Z","response_time":88,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["packer","packer-plugin","puppet","puppet-masterless","puppet-server"],"created_at":"2024-09-27T13:00:27.756Z","updated_at":"2025-10-01T14:31:13.039Z","avatar_url":"https://github.com/hashicorp.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Packer Plugin Puppet\nThe `Puppet` multi-component plugin can be used with HashiCorp [Packer](https://www.packer.io)\nto create custom images. For the full list of available features for this plugin see [docs](docs).\n\n## Installation\n\n### Using pre-built releases\n\n#### Using the `packer init` command\n\nStarting from version 1.7, Packer supports a new `packer init` command allowing\nautomatic installation of Packer plugins. Read the\n[Packer documentation](https://www.packer.io/docs/commands/init) for more information.\n\nTo install this plugin, copy and paste this code into your Packer configuration .\nThen, run [`packer init`](https://www.packer.io/docs/commands/init).\n\n```hcl\npacker {\n  required_plugins {\n    puppet = {\n      version = \"\u003e= 1.0.0\"\n      source  = \"github.com/hashicorp/puppet\"\n    }\n  }\n}\n```\n\n\n#### Manual installation\n\nYou can find pre-built binary releases of the plugin [here](https://github.com/hashicorp/packer-plugin-puppet/releases).\nOnce you have downloaded the latest archive corresponding to your target OS,\nuncompress it to retrieve the plugin binary file corresponding to your platform.\nTo install the plugin, please follow the Packer documentation on\n[installing a plugin](https://www.packer.io/docs/extending/plugins/#installing-plugins).\n\n\n### From Sources\n\nIf you prefer to build the plugin from sources, clone the GitHub repository\nlocally and run the command `go build` from the root\ndirectory. Upon successful compilation, a `packer-plugin-puppet` plugin\nbinary file can be found in the root directory.\nTo install the compiled plugin, please follow the official Packer documentation\non [installing a plugin](https://www.packer.io/docs/extending/plugins/#installing-plugins).\n\n\n### Configuration\n\nFor more information on how to configure the plugin, please read the\ndocumentation located in the [`docs/`](docs) directory.\n\n\n## Contributing\n\n* If you think you've found a bug in the code or you have a question regarding\n  the usage of this software, please reach out to us by opening an issue in\n  this GitHub repository.\n* Contributions to this project are welcome: if you want to add a feature or a\n  fix a bug, please do so by opening a Pull Request in this GitHub repository.\n  In case of feature contribution, we kindly ask you to open an issue to\n  discuss it beforehand.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhashicorp%2Fpacker-plugin-puppet","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhashicorp%2Fpacker-plugin-puppet","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhashicorp%2Fpacker-plugin-puppet/lists"}