Velocity requires safety. Without it, being fast can do more harm than good. Security and compliance are non-negotiables for every enterprise. Use InSpec to express compliance as code and find problems early, before they slow you down.
How InSpec Works
InSpec is an open-source testing framework for infrastructure with a human-readable language for specifying compliance, security and other policy requirements. When compliance is code, you can integrate automated tests that check for adherence to policy into any stage of your deployment pipeline.
UNDERSTANDABLE
Ensure that insecure services and protocols, such as telnet, are not used.
DECLARATIVE
Ensure that web servers are only listening on well-secured ports, for example, to meet PCI DSS encryption requirements.
UNAMBIGUOUS
Add metadata to help communicate requirements to all team members. Development, operations, compliance and security, all have access to compliance rules.
Turn Your Compliance and Security Requirements Into Simple Code
Clearly Express Statements of Policy
When compliance is code, rules are unambiguous and can be understood by everyone on the team. Replace spreadsheets filled with abstract descriptions with tangible tests that have a clear intent.
COMPLIANCE FOR THE ENTERPRISE
COMPLIANCE AT VELOCITY: INSPEC + CHEF AUTOMATE
Chef Automate builds on InSpec to give an enterprise everything it needs for compliance at velocity. Customizable reports identify compliance issues. Built-in rule sets let you immediately start testing for compliance. Deploy your software quickly, safely and reliably, even when there are multiple teams working on complex projects. With Chef Automate there’s no tradeoff between speed and control.