Turn your compliance, security, and other policy requirements into automated tests.


Register for the InSpec 2.0 webinar Download Inspec 2.0

Security and Compliance Don’t Need to
Make Your Dev Work More Difficult

InSpec is Chef’s open-source language for describing security & compliance rules that can be shared between software engineers, operations, and security engineers. Your compliance, security, and other policy requirements become automated tests throughout all stages of the software delivery process – so you achieve continuous compliance without slowing you down.

Try the free, hands-on tutorials

The Standard Approach to IT Security and
Compliance Doesn’t Work

InSpec and Continuous Compliance Make It Work for Every Team

The delivery of non-compliant environments is directly related to the tedious, manual compliance processes that occur right before work products go to production. In the rush to production, details are missed, misunderstood, or ignored and the results are the increasingly common major security breaches attributed to previously-disclosed vulnerabilities. If compliance standards are adhered to and the work products are stopped before going into production, the result is a lot of frustrating rework for software engineers, missed deadlines, and budget overruns.


Before and After InSpec


The answer to this conundrum is InSpec, which builds continuous compliance into the process – from the developer’s workstation to production. All of those compliance processes involving the exchange of written documents, spreadsheets or PDFs, become easy-to-read and easy-to-use code. Software engineers, operations teams, and security engineers are collaborating from the start of development.

Download InSpec 2.0 Data Sheet



Make Compliance Easy to Understand and Assess

Transform your requirements into versioned, executable, human-readable code. Organize your tests into composable profiles that allow you to define and customize exceptions as needed.

Detect Fleet-wide Issues and Prioritize Their Remediation

InSpec’s agentless detect mode helps you quickly assess, at scale, your exposure level. And built-in metadata for impact/severity scoring helps determine what areas to focus on for remediation.

Inspect Machines, Data, and new SaaS APIs

InSpec’s cloud API compliance capabilities let you make both coarse and fine-grained assertions about your cloud compliance and report on it continuously.

Satisfy Audits Any Time and Make Them Painless

Answer audit questions at any time, not just quarterly or yearly. Enter an audit cycle knowing your exact compliance posture, instead of being surprised by auditor’s findings.

Reduce Ambiguity and Miscommunication Around Rules

Documents leave configurations and processes open to interpretation. Executable code removes conversations about what should be assessed in favor of tangible tests with clear intent.

Keep up with Rapidly Changing Threat and Compliance Landscapes

With InSpec you can write and publish detection code the same day and write new rules in quick response to new regulations. Change in threats or regulations no longer equals emergencies.

Learn How InSpec Works

Integrate InSpec with Chef Automate for
Actionable Insights

One Platform to Automatically Detect, Analyze, and Remediate Compliance Issues


When InSpec is Integrated into Chef Automate you gain greater control over the detection and correction of security and compliance issues in production. Across your entire fleet of servers and machines – no matter their environments – Automate provides analysis, reporting, and visualization based upon inSpec data. Then you can even automatically correct the compliance issues that InSpec discovers through its automated tests.

Explore Chef Automate

Detect and Correct with Chef Automate