Last month, I spoke at the The Bay Area Chef Meetup, hosted by long time #ChefFriends, Wealthfront. They shared their Chef development process beginning with local dev, using Test Kitchen, all the way through their automated testing pipeline. There were also a lot of great discussions about test driven development practices. You can learn more about Chef’s approach to TDD by watching this on-demand webinar.
I gave a presentation and demo of InSpec as part of a high-velocity workflow. InSpec is Chef’s open source project for compliance and integration testing with a human-and machine-readable language for specifying policy requirements. The slides can be downloaded here.
Using a combination of command-line and remote-execution tools, InSpec aligns security and compliance guidelines on an ongoing basis, rather than waiting to remediate after arduous annual audits. InSpec is open source, which makes it a key tool choice for incorporating security into a complete continuous delivery workflow, irrespective of configuration management tools. This reduces the risk of new features and releases breaking established security guidelines.
A big thank you to Wealthfront for hosting this Meetup.