Skip to main content

Chef Inspec interpreter

Chef Courier provides first-class integration with Chef Inspec, so you can execute InSpec commands in any job. If you have the Chef Inspec skill or an existing Chef Inspec installation on a node, you can run InSpec scans.

Use the scan command to execute an InSpec audit scan, for example:

"command":{
    "exec":"scan",
    "args":{
      "path":"http://github.com/dev-sec/ssh-baseline"
    }
}

The scan command accepts the following arguments:

waiver
A waiver file or URL that lists controls that are waived for compliance reasons.
input
Inputs and values added directly to control code.
path
The path to an InSpec profile.
username
The username used to authenticate with a remote system.
token
The authentication token for accessing secured resources or APIs.
source
The source indicates the location of the fetched profile or content, such as URL or directory.
sourceURL
The source URL to retrieve a profile or other resources.
reporterType
The reporter type that the results of an InSpec audit run are returned to.
reporterFileName
The file name used to save the reporter output.
licenseKey
The license key to validate an installation of Chef InSpec.
licenseServer
The URL or address of the license server to validate the license key.
minSuccess
Minimum criteria percentage to pass the job.

Thank you for your feedback!

×