Secure Your Cloud Estate with Continuous Audits

To meet the demands of an ever more connected world, executing on a comprehensive cloud strategy has become a critical component for organizations at any scale. While cloud platforms have made it incredibly easy to define and scale environments on demand, with those capabilities come new challenges in how to validate that those environments have […]

Read More

Chef Software is the First CIS Partner Certified on AWS, Azure, and GCP

Chef is excited to announce that we have achieved official Center for Internet Security certification on the Amazon Web Services Foundations Benchmarks (level 1 & level 2). With this certification, Chef Software is the first CIS partner to be certified on all three cloud providers for which they publish security benchmarks: Amazon Web Services, Microsoft […]

Read More

Detect Kubernetes Vulnerabilities with InSpec

Earlier this week a critical security vulnerability was uncovered in the Kubernetes API server. The vulnerability, CVE-2018-1002105, uncovers an attack vector that would allow an unprivileged or unauthenticated user to escalate their privileges and run arbitrary commands with cluster-admin level access. The severity of this vulnerability is compounded by the fact that because these unauthorized […]

Read More

Preparing for Audits with InSpec

Preparing for a compliance audit can be an overwhelming process. Coordinating and translating requirements between teams is often a time consuming, manual process, regressions uncovered between audits can drive friction between internal IT and security teams, and between the rise of cloud and container solutions and numerous emerging regulatory frameworks, the sheer breadth of what […]

Read More

Announcing InSpec 3.0

We’re excited to announce the release of InSpec 3.0! Since the last major revision of InSpec in February, InSpec has been downloaded 49270 times, we’ve merged more than 330 pull requests from 85 contributors, and added dozens of new resources. The 3.0 release includes a ton of bug fixes, usability improvements, and additional platform support. […]

Read More

Continuous Compliance for Painless Ongoing Audits

Audits are stressful. If your organization is subject to regulatory compliance rules, chances are you’ve experienced firsthand how time-consuming and painful they can be. Preparing for and satisfying an audit is often a multi-month process with e-mails and documents flying between auditors, compliance officers, information security professionals, and the teams responsible for your infrastructure and […]

Read More