InSpec Shell,’ ‘
InSpec Detect’ and ‘
InSpec Export’ help you ‘explore and diagnose’ and manage your compliance scans. We also covered the progress bar reporter and how to divide the profile in custom ways, helping you to manage large profiles easily.
Integrate with other systems
Multiple output streams
InSpec exec.’ You can send outputs to multiple destinations and formats simultaneously. InSpec supports multiple reporter formats, including CLI, HTML, JSON and YAML. JSON output is particularly great for machine processing.
In the example below, InSpec generates two output streams for the profile it is executing. First, it sends the output to the command line and writes a file called myreport.html. using the HTML 2 reporter to write a file.
The jUnit 2 reporter generates properly formatted jUnit XML reports. This replaces the deprecated Junit reporter. jUnit files can be consumed by Jenkins and several other CI systems for test tracking.
Using exit codes to detect outcomes
Did you know that InSpec allows you to exit codes to detect outcomes?
InSpec exec exits with distinct codes depending on the test outcome. You can refer to the codes below:
- 0 normal exit; all tests pass
- 100 normal exits, at least one test failed
- 101 normal exits, at least one test skipped, but none failed
You can use these exit codes to detect outcomes and intelligently use them in your CI engines.
How Can You Work More Efficiently with InSpec?
Using Plural resources
A plural resource queries multiple resources of the same type and can query in bulk and then loop over individual resources in detail. It can also be used for something that should not exist.
In the positive assertion example above, the plural resource is used to loop over all AWS S3 buckets and it examines each bucket name individually and checks if default encryption is enabled.
Generate code with InSpec init
This is a great way to use your time effectively. Whenever you need a new profile, just generate it without writing a new profile from scratch; use the command
InSpec init profile <profilename>. You can also generate new resources and plugins with this command.
We hope this series has provided you with insights into the various options that Chef InSpec provides. From helping you to ‘Explore and Diagnose’ to ‘Managing your Profiles’, to easing integration with other systems, Chef InSpec commands help you streamline your compliance and security processes.
Stay tuned for our next blog on controls for cloud resources.