Did you Know this About Chef Compliance and Chef Cloud Security? - Part 2

By

In the first blog of this series on Chef Compliance and Chef Cloud Security, we looked at the Chef InSpec commands that help you explore, diagnose and manage large profiles.  

We reviewed how commands like ‘InSpec Shell,’ ‘InSpec Detect’ and ‘InSpec Export’ help you ‘explore and diagnose’ and manage your compliance scans. We also covered the progress bar reporter and how to divide the profile in custom ways, helping you to manage large profiles easily. 

Continuing the conversation in this blog, let's look at how InSpec commands are useful in two other aspects—integration with other systems and working efficiently with InSpec. 

Integration with other systems is a major challenge when it comes to DevOps tools. Given the proliferation of a multitude of tools in the DevOps space, practitioners have repeatedly pointed out the importance of integration to create a smooth pipeline for processes. 

On the other hand, while performing tasks unhindered is imperative, performing them efficiently is equally important.  

Chef InSpec commands assist practitioners in both cases. Let’s find out how. 

Integrate with other systems  

Multiple output streams 

Chef InSpec allows you to use multiple reporters to get several output copies. A ‘reporter’ is a configurable output stream for ’InSpec exec.’ You can send outputs to multiple destinations and formats simultaneously. InSpec supports multiple reporter formats, including CLI, HTML, JSON and YAML. JSON output is particularly great for machine processing.  

In the example below, InSpec generates two output streams for the profile it is executing. First, it sends the output to the command line and writes a file called myreport.html. using the HTML 2 reporter to write a file. 

Multiple output streams

jUnit Reporter

The jUnit 2 reporter generates properly formatted jUnit XML reports. This replaces the deprecated Junit reporter. jUnit files can be consumed by Jenkins and several other CI systems for test tracking.

jUnit Reporter

Using exit codes to detect outcomes 

Did you know that InSpec allows you to exit codes to detect outcomes? InSpec exec exits with distinct codes depending on the test outcome. You can refer to the codes below:

  • 0 normal exit; all tests pass 
  • 100 normal exits, at least one test failed
  • 101 normal exits, at least one test skipped, but none failed 

You can use these exit codes to detect outcomes and intelligently use them in your CI engines.  

How Can You Work More Efficiently with InSpec?  

Using Plural resources  

A plural resource queries multiple resources of the same type and can query in bulk and then loop over individual resources in detail. It can also be used for something that should not exist.  

Using Plural resources


In the positive assertion example above, the plural resource is used to loop over all AWS S3 buckets and it examines each bucket name individually and checks if default encryption is enabled. 

Generate code with InSpec init  

This is a great way to use your time effectively. Whenever you need a new profile, just generate it without writing a new profile from scratch; use the command InSpec init profile <profilename>. You can also generate new resources and plugins with this command.

Generating code with InSpec init


We hope this series has provided you with insights into the various options that Chef InSpec provides. From helping you to ‘Explore and Diagnose’ to ‘Managing your Profiles’, to easing integration with other systems, Chef InSpec commands help you streamline your compliance and security processes

Stay tuned for our next blog on controls for cloud resources. 

In the next blog in this series, we’ll discuss how you can write controls for cloud resources using InSpec.

Resources  

Learn Chef is a great place to know more about Chef InSpec.  
 

Learn more about Chef products.  


Posted in:
Tags:
Cloud Security Compliance Management continuous compliance What is compliance management and why is it important?

Shua Matin

Shua Matin is a Senior Manager, Product Marketing at Progress. Shua has over 16 years’ experience across presales, business development and marketing roles for Governance, Risk and Compliance, and Talent Management domain. Her experience is in market analysis, product packaging and positioning, driving the marketing strategy and planning, competitive analysis and sales enablement.

Categories

INTERNET US

Company
Using Chef
Legal
Connect with us
Contact Us

Chef is part of the Progress product portfolio. Progress is the leading provider of application development and digital experience technologies.

Copyright © 2023 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved.

Progress, Telerik, Ipswitch, Chef, Kemp, Flowmon, MarkLogic, Semaphore and certain product names used herein are trademarks or registered trademarks of Progress Software Corporation and/or one of its subsidiaries or affiliates in the U.S. and/or other countries. See Trademarks for appropriate markings.

Do Not Sell or Share My Personal Information

Powered by Progress Sitefinity