Continuous Compliance with InSpec: Bay Area Chef Meetup at Wealthfront

Last month, I spoke at the The Bay Area Chef Meetup, hosted by long time #ChefFriends, Wealthfront. They shared their Chef development process beginning with local dev, using Test Kitchen, all the way through their automated testing pipeline. There were also a lot of great discussions about test driven development practices. You can learn more about Chef’s approach to TDD by watching this on-demand webinar.

I gave a presentation and demo of InSpec as part of a high-velocity workflow. InSpec is Chef’s open source project for compliance and integration testing with a human-and machine-readable language for specifying policy requirements. The slides can be downloaded here.

Using a combination of command-line and remote-execution tools, InSpec aligns security and compliance guidelines on an ongoing basis, rather than waiting to remediate after arduous annual audits. InSpec is open source, which makes it a key tool choice for incorporating security into a complete continuous delivery workflow, irrespective of configuration management tools. This reduces the risk of new features and releases breaking established security guidelines.

To get hands on with InSpec, find an event near you or try these tutorials.

A big thank you to Wealthfront for hosting this Meetup.

Author Jessica DeVita

Jessica DeVita is a Technical Evangelist at Chef. Previously at Microsoft as an evangelist, she championed the Windows IT Pro community to adopt devops and introduce them to the power of automation. Ms. DeVita serves on the advisory board of the Mitch Hill Center for Applied Business IT http://mchabit.org and is the founder of the consulting firm UberGeekGirl, serving music+entertainment firms in Los Angeles.