Augment your Audits with InSpec 2.0

InSpec is a powerful framework for automating the testing and auditing of environments you manage. With the recent release of InSpec 2.0, it’s gotten even better with various performance improvements, extra resources, and for the first time, the ability to scan not only servers, but cloud endpoints with new AWS and Microsoft Azure resources. Last week I presented an overview of these features in a live webinar. If you missed it, the recording is now available! If you’d like to follow along with any of the live demonstration, we’ve made the profiles I used available in GitHub.

InSpec 2.0 Q&A

There were a ton of questions asked during the live webinar — too many, in fact, to cover in the time allotted! With that in mind, I thought I’d address some of the common themes here for easy reference.

What does InSpec cost?
InSpec is open source, and can be used by anyone free of cost! That means you can start scanning your environments today, either by installing the ChefDK or by installing InSpec directly via a variety of options. While InSpec itself is free to use, there are some extra features available in our enterprise platform, Chef Automate. These include a larger library of pre-written profiles based on standards like CIS and DISA STIG, a GUI-based agentless scanner, and the ability to collect audit details in filterable compliance reports.

Can I integrate InSpec with [CM_TOOL_X] or [CI/CD_TOOL_Y]?
Yes! InSpec can directly target machines agentlessly over SSH or WinRM, allowing it to be used whether or not you’re managing systems with Chef. Because those scans can be initiated via a commandline utility, it can also be easily integrated into your CI/CD pipelines as with similar utilities for building and deploying application artifacts.

Can InSpec results be formatted as JSON and/or JUnit?
Yes! The InSpec cli features a reporter flag which allows a number of alternative formatting options, including json, json-min, json-rspec and junit.

When will InSpec support [CLOUD_SERVICE_X]?
The cloud resources are a new addition to InSpec, and new functionality will continue to be released in future updates. The InSpec documentation lists all current resources for AWS and Azure, and since InSpec is open source, you can see what other resources have been suggested or created by the community by perusing its GitHub issues, with labels for AWS and Azure respectively.

What’s Next?

Nick Rycar

Nick is a Technical Product Marketing Manager working out of Chef HQ in Seattle. When he's not busy preparing product demos, he's torturing his colleagues with terrible puns and needlessly esoteric pop-culture trivia. Mostly he's just another confused New York transplant in the Pacific Northwest.