An Overview of Chef InSpec
Chef InSpec is an open-source framework for testing and auditing your applications and infrastructure. It compares the actual state of your system with the desired state that you express in easy-to-read and easy-to-write Chef InSpec code. It detects violations and displays findings in the form of a report, but puts you in control of remediation.
Chef InSpec is a run-time framework and rule language used to specify compliance, security, and policy requirements. It includes a collection of resources that help you write auditing controls quickly and easily.
How does Chef InSpec work?
Chef InSpec uses profiles to audit infrastructure. An InSpec profile organizes multiple controls into a reusable artifact. You can describe your profiles with metadata, version them, pin them to specific versions of InSpec, define specific platforms that a profile can test, and define profile dependencies.
A control defines a regulatory recommendation or requirement for the state of a system. Each profile can have many controls and each control audits different aspects of a system.
Chef InSpec resources allow you to test specific parts of your infrastructure. Chef InSpec has 1106 resources ready to use–from Apache2 to ZFS pool. This includes resources for testing AWS, Azure, AliCloud, and GCP cloud infrastructure, and you can create your own custom resources if we don’t have a resource that meets your needs.
InSpec reporters format and deliver the results of an InSpec audit run. You can output results to the standard output; to text formats like JSON, HTML, or plain text; or send the results directly to Chef Automate.
Run your tests wherever your infrastructure is—locally or in the cloud. Chef InSpec is designed for platforms and treats operating systems as special cases. Chef InSpec helps you, whether you use Windows Server on your own hardware or run Linux in Docker containers in the cloud. As for the cloud, you can use Chef InSpec to target applications and services running on Alibaba, AWS, Azure, and GCP.
The InSpec community created several open-source profiles that are free to use.
inspec supermarket profiles command to list the available profiles, or view them in Chef Supermarket. This includes the DevSec Hardening Framework, a set of server hardening profiles.
Chef offers premium CIS- and STIG-based profiles for compliance scanning across a range of enterprise assets.
- Learn Chef: Test Expectations with Chef InSpec
- Learn Chef: Extending InSpec: InSpec Wrappers and Custom Resources
- Chef InSpec webinars
- Chef Resource Library