About Chef InSpec and Train Plugins
Chef InSpec Plugins are optional software components that extend the capabilities
of InSpec. For example,
is a Plugin project that aims to generate Chef InSpec controls from
infrastructure-as-code files. Plugins are distributed as RubyGems, and Chef InSpec
manages their installation. Chef InSpec Plugins always begin with the prefix
Train Plugins allow Chef InSpec to speak to new kinds of targets (typically new remote targets or APIs, but you could treat the local system in a new way if you wished to). For example, if you wanted to audit a Kubernetes cluster, you might want a transport that can talk to the supervisor API. You would develop a Train Plugin for that, and install it using the Chef InSpec command line. Train Plugins always begin with the prefix ’train-'.
Currently, each plugin can offer one or more of these capabilities:
- define new output formats (“reporters”)
- input sources
- define a new command-line-interface (CLI) command suite (
- connectivity to new types of hosts or cloud providers (
- DSL extensions at the file, control, describe block, or test level
- DSL extensions for custom resources
The Chef InSpec CLI can tell you which plugins are available:
inspec plugin search inspec-
The Chef InSpec command line now offers a new subcommand just for managing plugins.
You can install a plugin by running:
inspec plugin install inspec-some-plugin inspec plugin install train-some-plugin
For more details on what the
plugin command can do, run
inspec plugin help.
You can specify an alternate source by passing the base of your Gem repository to
inspec plugin search --source https://my.private.server inspec-private inspec plugin install --source https://my.private.server inspec-private-plugin
For details on how to author a Chef InSpec Plugin, see the developer documentation
For details on how to author a Train Plugin, see the developer documentation
Was this page helpful?