Protect Yourself From the RubyGems Backdoor by InSpec’ing Your Fleet

Chef has invested heavily in security with the Enterprise Automation Stack. With Chef InSpec you can easily scan your systems for potential vulnerabilities and then leverage Chef Infra to run remediation across your entire fleet. This is important because last week’s RubyGems vulnerability likely affected other software you have deployed that uses Ruby. To […]

Chef Confirms No Products Affected by Backdoored RubyGems

At Chef, we have a cross-functional security team that evaluates and responds to potential security incidents. Because a significant portion of our code uses Ruby and Ruby libraries (known as “gems”), we have been paying close attention to the reports of malicious code insertion into several gems. Shortly after the news of the compromise became […]

Secure Your Cloud Estate with Continuous Audits

To meet the demands of an ever more connected world, executing on a comprehensive cloud strategy has become a critical component for organizations at any scale. While cloud platforms have made it incredibly easy to define and scale environments on demand, with those capabilities come new challenges in how to validate that those environments have […]

Reintro to Chef InSpec 4.0 and End of Life Announcement for v1.x and v2.x

With all of the excitement during ChefConf 2019, you may have missed that we released Chef InSpec 4.0 in May 2019. We put a focus on optimizing the core Chef InSpec product while making it more extensible and capable of handling the next generation of resources. The highlights of Chef InSpec version 4.0 include: Inputs […]

What Does the New Chef Mean for the Community?

Chef would not exist without its community. Our Open Source community built the foundation upon which every part of Chef stands. Together we continue to evolve and grow and shape each other as Chef moves into its third chapter. At Chef we firmly believe that Open Source Software – built by a community of contributors across […]

End of Support: A Catalyst to Application Lifecycle Modernization

As many of you know, the standard Microsoft lifecycle policy is 10 years of support (5 for mainstream + 5 for extended support) for business and developer products, such as SQL and Windows servers. At the end of the extended support period, patches or security updates are no longer provided, creating security and compliance issues. […]