Chef Automate Release – December 2017

Last week Chef announced the December release of Chef Automate, which builds on significant compliance automation capabilities delivered during 2017. Our customers use Chef Automate to detect and correct policy violations that indicate non-compliance with standards ranging from company policies to government regulations.

To help customers meet these standards and keep pace with increasing complexity, we focused this release on making it easier to scan and detect issues, manage compliance across heterogeneous environments, and report results to support decision making. The December release delivers complete scanner capabilities, greater depth in Windows environments, STIG support, and enhanced reporting.

Scheduled scanning to support continuous compliance

Scheduled scanning to support continuous compliance

The compliance scanner in Chef Automate now supports job scheduling, making it possible to schedule scans to run any time or on a recurring schedule. In addition to eliminating redundant effort when running repeated scans, by automating scanning in this way, organizations maintain an ongoing view of compliance status while executing scans at times that do not disrupt operations.

The December release also adds enhanced security for secrets management in the compliance scanner, addressing our customers’ needs for data confidentiality.

Deep Windows support and new STIG profile

Deep Windows support and new STIG profile

Chef Automate includes a library of compliance profiles to help organizations meet common standards. In the December release we extend our Windows support with a new CIS Compliance Profile for Windows Server 2016. The profile reflects deep insight into Windows Server behavior and contains hundreds of individual controls to help achieve compliance for modern Windows Servers.

In addition, we’ve introduced the first Defense Information Systems Agency Security Technical Implementation Guide (DISA STIG) compliance profile for Chef Automate. We’ve included over 250 controls for Red Hat Enterprise Linux 6 to help organizations meet the stringent STIG security guidelines.

While the new content makes it possible to implement compliance standards across more environments, performance improvements in the latest release make it much more efficient to run tests. Chef Automate now executes CIS Windows profiles 90% faster, and CIS Linux profiles 30% faster with use of the audit cookbook v6.

Report on compliance at any scale

Enhancements in the December release make compliance reporting faster, more insightful, and less of a burden as data volumes grow. With multiple improvements to the Chef Automate backend, reporting across large environments is now snappier. Improved suggestions make searches faster and more targeted. And teams can now configure distinct retention periods for compliance and Chef client run data. This allows organizations to keep compliance data for longer periods without having to unnecessarily maintain Chef client run data for the same period.

Thank you

We are proud of how far Chef Automate has come in 2017, and this sort of progress doesn’t happen without skilled and insightful Chef Automate customers who put it to work in the world’s most demanding environments. Many of our enhancement ideas come directly from our customers. In the December release, those ideas include data retention periods and the ‘delete runner’ command, which makes it easier to manage nodes executing jobs. Thank you for challenging us, and we look forward to doing great things with you in 2018.

For more information on our December release, be sure to check out our release announcement.

Author Dan Hauenstein

Dan is Sr. Director of Product Marketing at Chef, helping companies understand Chef so they can achieve speed and outpace the competition. He has spent 20 years in strategy, marketing, and enablement roles in the enterprise software space at companies including Hortonworks, IBM, Micromuse, and McKinsey & Co. Throughout his career he’s tried to make complicated subjects easy to understand, mainly by boiling them down to three bullet points.