Chef Compliance 0.11.1 release

Chef Compliance 0.11.1 is now available from the Chef downloads site. This is a minor release update which is recommended for all users of Chef Compliance.

Implemented enhancements:

  • Improve feedback when profiles are uploaded by reporting any inspec check errors
  • Improved handling of metadata in inspec.yml. Only the name of the profile needs to be included, not the owner, enabling seamless sharing of profiles between different users.

This release also includes InSpec 0.10.1. The full changelog can be found here.

Upgrade instructions for Chef Compliance are found here.

Posted in compliance, release

7 Ways IT Will Change in 2016 to Bring DevOps Mainstream


As we kick off 2016 at Chef, I’ve reflected on the important changes impacting our industry and the digital world. Last week I penned a byline in sharing my take on why DevOps will gain mainstream momentum in 2016 and I’m excited to share this perspective here with our broader Chef community.

I’d love to hear what else you think is having a major impact on the fast-changing world we live in – leave a comment below or tweet me @Barry_Crist.

  1. The Job of IT Will Change From Infrastructure to Innovation. In the past, IT has been about providing compute infrastructure and applications to run the internal workings of a company. But this has been radically shifting as digital transformation penetrates nearly every company of significance across the globe. As a result, IT is increasingly about driving innovation and customer value through software. We see this every day from our work with large enterprises; indeed, almost half of the global 500 use Chef in some manner. And, in our interactions with enterprise customers, over 75 percent cite innovation, velocity and agility as top priorities for IT — and the company. The common ingredients behind this are almost always automation, cloud and DevOps. In fact, while these three elements are, in many ways, distinct, they form a magic IT trinity in service of innovation-led organizations. If you need further proof that IT is on its way to becoming the pointy end of the innovation-creation spear inside large-cap companies and organizations, just look at the auto industry, where CES may actually be more important than the Detroit Auto Show, where GM is investing in Lyft, and where Google is doing state-of-the-art R&D on a self-driving car.
  2. Continuous Delivery (CD) Will Become Ubiquitous. CD is the practice of rapid software development and iteration through fast, small-batch releases. In its purest form, developers can drive small, incremental software releases quickly, sometimes as often as every few minutes for some very well-known Web sites. Not long ago, CD was exclusively the domain of big Web innovators such as Facebook, Amazon, Google and Yahoo! Not long ago, making even several releases a day sounded insane. And not long ago, a CIO told me that it was ridiculous to contemplate bringing CD into the enterprise. All this has changed, and today it makes absolutely no business sense to shy away from CD because it’s one of the keys for unleashing an organization’s software development innovation engine. The point is that the whole stack — infrastructure, compliance, security, microservices and applications — is being expressed as code now, and it’s the same as you deliver with work-flow. In the end, whether your company needs to release frequently all the time, or not, every aspect of IT is charged with a business requirement to do something quickly some of the time. CD is a very important piece of the puzzle.
  3. The Public Cloud Will Triumph in the Enterprise. You may think the cloud is old news, but it’s not. In 2016, the enterprise is going to move beyond public cloud experimentation and project-based work and start migrating entire data centers to the public cloud. We’re also going to see more hybrid cloud initiatives (whatever the composition) because dual adoption helps companies avoid vendor lock-in. As for private cloud projects, there are definitely some good teams and technologies out there. But, having said this, I believe that the public cloud will win out. Many of the lingering public cloud issues, like security and governance, have begun to evaporate. And the ease of use, affordability and effectiveness of the public cloud will simply triumph in the enterprise over the next 12 months at the expense of the private cloud.
  4. We Will Enter a New Era of System Administration. The world of systems administration has changed forever. In the IT world that I grew up in, a human being logged onto a system to manage, update or fix it manually. Since then, compute scale has grown exponentially for most organizations, thanks, in part, to both server virtualization as well as the cloud. Most of our enterprise customers have, excluding desktops, tens of thousands of compute nodes. Some have over 100,000. A few have over 1,000,000. Administering systems manually by having humans act on systems is no longer viable or tenable. In the new era, humans act on code and code acts on machines. In fact, code is the system. In other words, humans act on compute resources through code. And this reality creates a whole new universe for the world of system administration. The bottom line? The job and role of the system administrator will change significantly. Watch this trend play out in 2016.
  5. Peace Will Break Out Between Developers and Security / Compliance Officers. This has been a long-running battle inside the enterprise, and there are several theories behind the conflict. One is miscommunication — the security team doesn’t think the dev team gets it, and the dev team doesn’t think the security team gets it. Another hypothesis is that developers just want to be left alone to write code for the business, but the business is increasingly worried about security — not just IT security. And, lastly, there’s this explanation for the hostility — developers want to go fast, and security teams want to slow everything down to a safe speed. Whatever the reasons, I believe that developers and security / compliance officers will find much more common ground in 2016 because we’re learning that compliance and velocity aren’t necessarily in conflict with each other. In fact, high-velocity IT organizations can deal with security threats more quickly by assessing vulnerability, creating a fix, testing it and then deploying it rapidly before the damage is done. We’re also seeing the early beginnings of what I believe will be a very important trend in our industry: compliance defined as code. Today, compliance is all too often defined in binders or text documents; what’s a developer going to do with this? But we’re seeing a new idea emerge: define compliance — either to your own security standards or external, regulatory standards in code. If you can define compliance as code, you can then use that code to create a test that can simply be moved into the software release process and managed like any other automated test. Forward-leaning compliance officers will shift their gaze and embrace their developers because it’s through their software developers that they’ll be able to take their craft to a new level. Keep an eye on this in 2016.
  6. Executives Will Move Into the DevOps Tent. The DevOps tent will expand to include the executive suite in 2016, and executives are excited to join the practitioner-born DevOps movement. “DevOps” makes one think of only “development” and “operations,” but it’s really a movement focused on how we build and operate high-velocity organizations. Frankly, DevOps is meant for the entire enterprise. The results are both clear and definitive. Mature DevOps organizations see increases in both innovation and quality that flow through to business results, including profit and shareholder value — and, quite possibly, security and safety as well. Executives have seen what code can do, and they’re fervently embracing the far-reaching organizational changes that have accompanied this technology revolution. The good news for DevOps practitioners is that they’re going to find strong support in the executive suite and many will see good things happen to their careers in 2016.
  7. Container Technology Will Be Improved and Grow Even More. Containers — which bundle entire run-time environments into packages that make it much easier to move applications from a developer’s laptop to the test, production and end-user stages — are becoming invaluable, especially in homogeneous green-fields, because they abstract so many problems away. But most enterprises aren’t homogeneous green-fields, so the challenge is how to deal with a variety of legacy technologies without re-writing all the applications that run. I believe that this problem will be addressed in 2016, and container usage will expand by leaps and bounds as a result.

There will be other big changes in IT during 2016, but, when combined, I believe these seven represent a truly significant tipping point that will catapult enterprises toward the future with a velocity and vigor that can only enhance and enrich growth.

Posted in cloud, compliance, culture, devops

Update on native 64-bit Windows Chef Client


It’s been a while since we had an update on the status of the native 64-bit Windows Chef client.

While we have been busy shipping a myriad of new releases and features since Nov, we have not forgotten the 64-bit work! In fact, I’m very happy to report that we now have the 64-bit builds fully integrated into our pipeline, and integration builds are available to try out from the Chef omnitruck. At the moment, the builds are in the current channel (i.e., they have passed acceptance testing, but not declared an official release), and available for anyone to try out.

Here is a PowerShell command you can use to download and install the latest 64-bit client build (make sure to execute this from an Administrative PowerShell console, on 64-bit Windows):

. { iwr -useb } | iex; install -channel current -project chef

This takes us one (huge) step closer to an official release. In the meantime, please try out the build, and make sure to report any issues you find.


Salim Alam Principal Software Engineer Chef Inc.

Posted in chef, partners

Supermarket 2.3.3 Release


Supermarket 2.3.3 is now available. This release contains bug fixes, minor enhancements, and security updates. Supermarket version 2.3.3 is a recommended update for all users running their own instances of Supermarket. Packages are available in the stable repository. If you are using the Supermarket omnibus cookbook, upgrading to this version can be as simple as a chef-client run on your hosts—if you’ve left the version of Supermarket at the default :latest—or updating your wrapper cookbook’s attributes to ['supermarket_omnibus']['package_version'] = '2.3.3'. The community Supermarket has already been updated.

Security Fixes:

  • Upgraded OpenSSL in omnibus package

Bug Fixes:

  • Fixed display of dependencies for past cookbook versions
  • Added Partner Cookbook badge and search. The upcoming Chef Partner Cookbook program will allow users to find cookbooks jointly developed with Chef by the vendors providing those products.
  • Added chef_versions and ohai_versions to metadata parser in effort towards implementing RFC037
  • Increased the number of contributors shown per page.

Tidying Up:

  • Upgraded RSpec
  • Added rake task to spin up Docker containers for PostgreSQL and Redis in development
  • Added guard for RSpec and Rubocop watchers in development

Posted in release, security, supermarket

Delivery’s Bitbucket (Stash) Integration Released

Ohai Chefs! We are delighted to announce the release of a new feature in Chef Delivery. Delivery now supports integration with Atlassian Bitbucket v3.x (formerly known as Stash) as a Source Code Provider. With this feature you can create and manage PRs in Bitbucket via Delivery.

Information about setting up the link and the project workflow it enables can be found here. This feature is released as of 0.3.606, which has been promoted to stable and is available for upgrade via delivery-cluster.

In addition to this new integration, if you haven’t upgraded in a while, we have implemented a number of usability enhancements in the dashboard and change pages of the web application.

We hope you enjoy using the Bitbucket integration. As always, we welcome your feedback and invite you to contact us directly or participate in our feedback forum.  Thanks for using Chef Delivery!

Posted in Delivery, release

Chef Server 12.4.1 Release

Ohai Chefs,

We’re pleased to announce that today we’ve released Chef Server 12.4.1. This is a patch to fix upgrades from Chef Server 11 to Chef Server 12.4.

To see the full list of changes, visit the changelog.

The release can be downloaded at

Posted in chef, release

Notes from the Lab: What’s Keeping Marginalized Groups Out of Tech?


An article I wrote with Jez Humble, “The Core Belief Keeping Marginalized Groups Out of Tech,” is available online in Model View Culture [link]. I think it’s an interesting look at some recent trends about what keeps marginalized groups out of tech.

We hear so often about the talent shortage in technical fields — I used to hear it all the time as a university professor. And yet when we look among our ranks, who do we see? A lot of people that look quite similar. More importantly, who do we not see? We don’t see many women, who only make up 15% – 27% of the technical workforce, depending on the data source you cite. We also don’t see people of color, who represent 5% – 7% of technical workers. With one stroke, we could address this talent shortage by reaching out to these underrepresented groups and welcoming them into our world.

My article cites interesting research done by Sarah-Jane Leslie and her colleagues, which was published in Science in January 2015. The research finds evidence that what keeps women and minorities (in this research, African Americans) out of STEM fields is a widespread belief that they are innately incapable of doing the work.

So what can we do? Actively and consistently fight these stereotypes. Work against the belief that, in technical fields,  inborn ability is what matters and that only certain groups have that ability. Foster the belief that what matters is hard work and dedication. Review company processes and correct for any inequalities. Invest in developing your people.

I would encourage you to head over to Model View Culture to check out the article in full. [link]

For those who are interested, here’s the reference for Dr. Leslie’s paper: Leslie, S.J., Cimpian, A., Meyer, M., & Freeland, E. (2015). Expectations of Brilliance Underlie Gender Distributions Across Academic Disciplines. Science, 347(6219), 262-265.

Posted in culture

ICYMI | Chef DOJO: Your DevOps Journey Assessment

On Tuesday, February 2nd, I co-presented a live webinar on the Chef DevOps Journey Assessment or DOJO with Thomas Enochs, VP Customer Success.

The DOJO is an exercise Chef developed to help companies get better results from their DevOps adoption. It gives your team a shared understanding of where you are on your journey and the desired state you’re trying to get to. After we compile the results, patterns emerge and are used to visualize goals and generate custom guidelines towards success.

Watch the recording to find out:

  • Why we created the DOJO and how it can help your organization accelerate DevOps adoption
  • What the DevOps Journey Assessment is and how it’s conducted
  • Who in your organization should attend the DOJO exercise
  • How to get it

Posted in culture, devops, webinar

ChefConf 2016 – Build. Deliver. Delight.

If you’ve been to ChefConf before, you know it’s not your typical tech conference. If you haven’t, this is your year. Our annual get together is like a huge family reunion open to everyone that celebrates a vibrant and passionate community of revolutionaries, game-changers, and disruptors.

ChefConf 2016 takes place July 11-13, in beautiful Austin, TX, bringing together 2,000 IT leaders, practitioners, and innovators from the Chef and wider DevOps communities. We’ll present an invigorating blend of technology and local Austin experiences to engage and energize you no matter your interests, whether League of Legends, BBQ, both, or something in between.


Three lively days will be filled with learning about and sharing the culture and practices that support the DevOps workflow, infrastructure automation, and continuous application delivery. We’ll have inspired discussions, collaborative presentations, and in-depth technical training. In the end, you’ll learn the strategies other organizations have used to successfully put transformation, velocity, and compliance into practice.

The entire event will reach peak-fun the evening of Wed., July 13, with the Chef Community Celebration at a popular SXSW location and Austin classic, the Empire Control Room. This will be the most epic party in ChefConf history and that’s no pose, that’s a promise.

Now, some important details:

  • We want to hear from you! The Call for Proposals is now open. The CFP closes Feb. 29, so tell us your awesome idea today!
  • Visit the ChefConf site to register and save $400 off the standard ticket price before April 15.
  • Get a sense of the schedule and stay tuned for many more details soon.
  • ChefConf takes place at the incredible JW Marriott in Austin. You’ll love it.
  • Still don’t have enough reasons to attend (or get your boss to approve it)? Check out our Justification Letter.

We’re super pumped to be partnering with the artistic and technical communities within Austin to create a conference experience unlike any other. Join us for ChefConf 2016 and join the biggest party in DevOps!

Posted in announcements, chef, chefconf, community, culture, devops, events

Chef Compliance 0.10.4 Release


Chef Compliance 0.10.4 is now available from the Chef downloads site. This is a minor release update which is recommended for all users of Chef Compliance. As you may have noticed, we changed our version scheme. From now on, we bump the minor version whenever we release a new feature; patch versions indicate bug fixes.

Here are the enhancements and bug fixes included in this release:


Fixed bugs:

  • Fix date display for scheduled jobs
  • Fix Profile upload path traversal bug
  • Fix tarball traversal

This release also includes InSpec 0.9.11. The full changelog can be found here.

Upgrade instructions for Chef Compliance are found here.


Posted in compliance, release