Chef InSpec is compliance as code
Turn your compliance, security, and other policy requirements into automated tests.
Star
How Chef InSpec worksGet started with Chef InSpec in 3 simple steps
1
write the test
Create simple Ruby-based tests to verify your expected state against the current state of your systems.
2
run the test
Execute your test against your target system locally or remotely with one simple command.
$ inspec exec linux-baseline
3
See the results
See which tests failed, passed and skipped and the expected state against the current state of your target system, in one simple output.
Features of Chef InSpecChef InSpec is compliance by design
Platform Agnostic
Chef InSpec supports all major operating systems and is platform agnostic, allowing you the freedom to run compliance and security tests anywhere.
Test locally or remotely
Chef InSpec provides a local agent for host-based assessments, as well as full remote testing support via SSH and WinRM.
Free to run anywhere
Chef InSpec is an open-source language that can easily express compliance as code, with the freedom to run anywhere.
Extensible language
Easily extend the Chef InSpec language to cover new operating systems, devices, or applications.
Transform your compliance and security requirements into simple code
Codify agreements
Combine profiles and customize them with overlays. Pick controls and define exceptions as code.
Add context to your tests
Utilize many fields like descriptions, tags, and impact.
Apply to all systems
Analyze everything using the same codified profiles and controls.
control 'sshd-21' do
title 'Set SSH Protocol to 2'
desc 'A detailed description'
impact 1.0 # This is critical ref 'compliance guide, section 2.1'
describe sshd_config do
its('Protocol') { should cmp 2 }
end
end
Solve your infrastructure testing needs simply and efficiently
Test the desired state
Verify the current desired state of your apps and infrastructure according to the code you write.
HUMAN-READABLE CODE
Reduce friction by writing tests that are easy to understand by anyone.
Extensible
Create custom resources with ease and share them easily with others.
describe file('/etc/myapp.conf') do
it { should exist }
its('mode') { should cmp 0644 }
end
describe apache_conf do
its('Listen') { should cmp 8080 }
end
describe port(8080) do
it { should be_listening }
end
Verify provisioning to cloud providers
Test AWS and Azure configuration
Verify all necessary settings of your favorite public cloud providers.
Test provisioners
Chef InSpec can be used in combination with Cloudformation, Azure resource manager templates and Terraform.
Verify security configuration
Ensure that your cloud deployments are not open to malicious attacks due to misconfiguration.
describe aws_s3_bucket(bucket_name: 'my_secret_files') do
it { should exist }
it { should_not be_public }
end
describe aws_iam_user(username: 'test_user') do
it { should have_mfa_enabled }
it { should_not have_console_password }
end