
Announcing InSpec 2.0

Julian Dunn | Posted on | announcements | Chef InSpec | compliance | release

We are delighted to announce the availability of InSpec 2.0, the newest version of Chef’s open-source project for compliance automation. InSpec helps you express security and compliance requirements as code and incorporate them directly into the delivery process, eliminating ambiguity and manual processes to help you ship faster while remaining secure.

What’s New in InSpec 2.0

InSpec 2.0’s newest feature is the ability to test cloud resources for compliance, not just machines, by connecting directly to cloud provider APIs. Today we are launching with support for Amazon Web Services (AWS) and Microsoft Azure, with more to come. For example, here is how you can use InSpec to check for insecure AWS S3 buckets, which is a common security problem that has been in the news recently:

# The bucket must exist and must not be publicly accessible.
describe aws_s3_bucket(bucket_name: 'my_secret_files') do
  it { should exist }
  it { should_not be_public }
end

We can also write a similar rule for an Azure storage group containing publicly-accessible blobs to make sure it follows best practices:

describe azure_generic_resource(group_name: 'my_secret_storage', type: 'Microsoft.Storage/storageAccounts') do
  # Encryption keys are provided by the storage service.
  its('properties.encryption.keySource') { should cmp 'Microsoft.Storage' }
  # Encryption is enabled for the blob service.
  its('properties.encryption.services.blob.enabled') { should be true }
  # Only HTTPS traffic is accepted.
  its('properties.supportsHttpsTrafficOnly') { should be true }
end

Get Started with InSpec 2.0

To get started with the new compliance features in InSpec 2.0, please see this brief tutorial that shows you how to check several aspects of an Amazon virtual machine instance. You can also look at InSpec’s documentation, which illustrates all the cloud resources available for testing. Shortly, we will have additional tracks on Learn Chef Rally with extended tutorials for cloud resources on both AWS and Microsoft Azure.

InSpec 2.0 also includes over 30 new resources to help you test common system and application configurations for conformance. You can now natively write InSpec rules for checks as diverse as SQL database configurations, webserver (Apache/IIS/NGINX) configurations, Docker images, and much more.

Thanks to our contributors 

We’d like to thank all of our open-source InSpec community members for helping to make this release amazing, particularly our development partners at D2L and MITRE, as well as our InSpec engineering team here at Chef. Thank you for using InSpec and we hope you enjoy the new release.

Learn more

  • Register to attend our live webinar, “Augment your Audits with InSpec 2.0”, on Wednesday, March 21st at 11:00 AM PT. See a live demo of what’s new in InSpec and learn how to kickstart your continuous compliance journey.
  • Want a taste of InSpec right away? Our preconfigured, ready-to-go environments on Learn Chef Rally will help you explore how it works in minutes.
  • Sign up for our InSpec Jumpstart workshop at ChefConf. Learn through hands-on labs how to detect and correct with InSpec to ensure you have a secure and compliant infrastructure.