About Chef InSpec Profiles
A Chef InSpec profile organizes multiple controls into a reusable artifact that can be described and versioned. Each profile is a standalone structure with its own distribution and execution flow.
Chef InSpec supports complex test and compliance profiles, which organize controls to support dependency management and code reuse.
For hands-on examples, check out Test Expectations with Chef InSpec on Learn Chef to learn more about how profiles are structured.
Initialize a new profile
Use the InSpec CLI to generate a new profile.
inspec init profile <PROFILE NAME>
You can an initialize profiles that are configured for Google Cloud, Azure, or AWS using the
inspec init profile --platform <PLATFORM> <PROFILE NAME>
<PROFILE NAME>with the name of your profile
<PLATFORM>with one of the following:
A profile has following structure:
profile ├── README.md ├── controls │ ├── example.rb │ └── control_etc.rb ├── libraries │ └── extension.rb |── files │ └── extras.conf └── inspec.yml
inspec.ymlfile describes the profile.
controlsdirectory contains all tests.
librariesdirectory contains all Chef InSpec resource extensions.
filesdirectory contains additional files that a profile can access.
README.mdexplains the profile, its scope, and usage.
inspec check command to verify the implementation of a profile:
inspec check examples/profile
Execute a profile
exec subcommand to execute a profile.
inspec exec <PROFILE>
inspec exec accepts profiles from several sources, including a local directory, Git repositories, and web-hosted tar files.
inspec exec documentation for more information.
You can format the results of an audit using InSpec reporters.
inspec repository for some example profiles.