Last week Chef announced the February release of Chef Automate. This marks the GA release of the compliance scanner with job scheduling, and adds features to make analysis easier, such as date-range search. Chef Automate now provides compliance scanning capabilities for a full range of enterprise needs: agent-based scans to provide continuous visibility into status; remote, agentless scans for on-demand checks; and scheduled scans to deliver regular insights with minimum disruption.
Chef Automate ships with a library of InSpec profiles that provide a baseline against which organizations can test for compliance. Profiles express policy as code, and organizations can create and extend profiles to test for compliance against a range of policies such as security requirements, corporate guidelines, or government regulations. The complete scanning capabilities in Chef Automate help organizations stay compliant with diverse requirements across large, heterogeneous IT environments.
Moving faster, with less risk
Chef customers use Chef Automate to detect non-compliance with policy, correct priority issues, and automate the detect-and-correct cycle to achieve continuous compliance. A common use case is to gain visibility into compliance status across the fleet and maintain an up-to-date view to support ongoing audit readiness. For many organizations, audits require significant effort and are therefore done periodically, leaving long windows of time with little visibility into compliance status. Maintaining ongoing visibility decreases risk while making audits simple and efficient. Furthermore, Chef Automate provides a means to correct any compliance issues that are detected, helping organizations stay compliant on an ongoing basis.
Another common use case is moving compliance checks into the development process. By testing against policy as code is developed, fixes can happen quickly and application delivery speeds up. Most organizations scan for compliance and security issues prior to deployment. This step can bring deployments to a halt and kick off an expensive, time-consuming remediation process. When compliance checks are done earlier in the process, however, the security review becomes a non-event, as potential issues were detected and corrected during development.
Using Chef Automate to apply a detect-correct-automate approach to compliance provides benefits across teams. Developers move their applications into production faster, with less rework. Operations teams maintain a compliant infrastructure that is always audit-ready. Security teams eliminate risk without slowing things down. And compliance teams can be sure policies are being implemented as intended, via profiles written in code that is not subject to misinterpretation.