Protect Yourself From the RubyGems Backdoor by InSpec’ing Your Fleet

Chef has invested a lot with the Enterprise Automation Stack in security. With Chef InSpec you can easily scan your systems for potential vulnerabilities and then leverage Chef Infra to run remediation across your entire fleet. This is important because last week’s RubyGems vulnerability likely affected other software you have deployed that uses Ruby. To […]

Read More

Chef Confirms No Products Affected by Backdoored RubyGems

At Chef, we have a cross-functional security team who evaluates and responds to potential security incidents. Because a significant portion of our code uses Ruby and Ruby libraries (known as “gems”), we have been paying close attention to the reports of malicious code insertion into several gems. Shortly after the news of the compromise became […]

Read More

Applying Compliance on Azure Government with InSpec

In government, compliance and security are a critical component of our job function. The current state of compliance frameworks are bulky and unwieldy for those inexperienced with OpenSCAP/XML. Microsoft Azure Government cloud and InSpec are designed to provide a common language for security, compliance, and automation teams to converge around. Azure Government is designed to […]

Read More