Skip to main content

About Chef InSpec Profiles

A Chef InSpec profile organizes multiple controls into a reusable artifact that can be described and versioned. Each profile is a standalone structure with its own distribution and execution flow.

Chef InSpec supports complex test and compliance profiles, which organize controls to support dependency management and code reuse.

For hands-on examples, check out Test Expectations with Chef InSpec on Learn Chef to learn more about how profiles are structured.

Initialize a new profile

Use the InSpec CLI to generate a new profile.

inspec init profile <PROFILE NAME>


You can an initialize profiles that are configured for Google Cloud, Azure, or AWS using the --platform option.

inspec init profile --platform <PLATFORM> <PROFILE NAME>


  • <PROFILE NAME> with the name of your profile
  • <PLATFORM> with one of the following:
    • aws
    • azure
    • gcp

Profile structure

A profile has following structure:

├── controls
│   ├── example.rb
│   └── control_etc.rb
├── libraries
│   └── extension.rb
|── files
│   └── extras.conf
└── inspec.yml
The inspec.yml file describes the profile.


The controls directory contains all tests.


The libraries directory contains all Chef InSpec resource extensions.


The files directory contains additional files that a profile can access.

The explains the profile, its scope, and usage.


Verify profiles

Use the inspec check command to verify the implementation of a profile:

inspec check examples/profile

Execute a profile

Use the exec subcommand to execute a profile.

inspec exec <PROFILE>

inspec exec accepts profiles from several sources, including a local directory, Git repositories, and web-hosted tar files. See the inspec exec documentation for more information.

You can format the results of an audit using InSpec reporters.

Example profiles

See the inspec repository for some example profiles.

Edit this page on GitHub

Thank you for your feedback!


Search Results