Compliance as Code
Turn your compliance, security, and other policy requirements into automated tests.
View Docs Download InSpecCompliance by design
Platform Agnostic
Chef InSpec supports all major operating systems and is platform agnostic, allowing you the freedom to run compliance and security tests anywhere.
Test Locally or Remotely
Chef InSpec provides a local agent for host-based assessments, as well as full remote testing support via SSH and WinRM.
Free To Run Anywhere
Chef InSpec can easily express compliance as code, with the freedom to run anywhere.
Extensible Language
Easily extend the Chef InSpec language to cover new operating systems, devices, or applications.
can be used for
can be used for
control 'sshd-21' do
title 'Set SSH Protocol to 2'
desc 'A detailed description'
impact 1.0 # This is critical ref 'compliance guide, section 2.1'
describe sshd_config do
its('Protocol') { should cmp 2 }
end
end
Codify agreements
Combine profiles and customize them with overlays. Pick controls and define exceptions as code.
Add context to your tests
Utilize many fields like descriptions, tags, and impact.
Apply to all systems
Analyze everything using the same codified profiles and controls.
describe file('/etc/myapp.conf') do
it { should exist }
its('mode') { should cmp 0644 }
end
describe apache_conf do
its('Listen') { should cmp 8080 }
end
describe port(8080) do
it { should be_listening }
end
Test the desired state
Verify the current desired state of your apps and infrastructure according to the code you write.
Human-readable code
Reduce friction by writing tests that are easy to understand by anyone.
Extensible
Create custom resources with ease and share them easily with others.
describe aws_s3_bucket(bucket_name: 'my_secret_files') do
it { should exist }
it { should_not be_public }
end
describe aws_iam_user(username: 'test_user') do
it { should have_mfa_enabled }
it { should_not have_console_password }
end
Test AWS and Azure configuration
Verify all necessary settings of your favorite public cloud providers.
Test provisioners
Chef InSpec can be used in combination with Cloudformation, Azure resource manager templates and Terraform.
Verify security configuration
Ensure that your cloud deployments are not open to malicious attacks due to misconfiguration.
Get started in 3 simple steps
1
Write the test
Create simple Ruby-based tests to verify your expected state against the current state of your systems.
control 'example-1.0' do
impact 0.9
title 'Ensure login disabled'
desc 'An optional description...'
describe sshd_config do
its('PermitRootLogin') {
should_not cmp 'yes'
}
end
end
2
Run the test
Execute your test against your target system locally or remotely with one simple command.
$ inspec exec linux-baseline
3
See the results
See which tests failed, passed and skipped and the expected state against the current state of your target system, in one simple output.
Profile: Chef InSpec Profile (example_profile)
Version: 0.1.0
Target: local://
✔ example-1.0: Ensure root login is disabled via SSH
✔ SSHD Configuration PermitRootLogin should not cmp == "yes"
Profile Summary: 1 successful control, 0 control failures, 0 controls skipped
Test Summary: 1 successful, 0 failures, 0 skipped
Self-learning tutorials
1
Test Expectations with Chef InSpec
Learn how easy it is to automate the testing of your systems with the Chef InSpec Language
2
Chef Compliance: First Steps with Auditing and Remediation
Get started with Chef Compliance, a premium offering that simplifies the auditing and remediation process into a unified workflow.
Community tutorials
Getting started with Chef InSpec -- The Chef InSpec basics series
By Annie Hedgepeth
Windows infrastructure testing using Chef InSpec - Two part series
By Christian Johannsen
Operating Chef InSpec in an air-gapped environment
By Jeremy Miller
Testing Ansible with Chef InSpec
By blindscientist
