InSpec is compliance as code

Turn your compliance, security, and other policy requirements into automated tests.


What's new in InSpec 2.0?

Test AWS, Azure, and your containers; improved performance for Windows and Linux, and more.

Cloud

InSpec now supports testing configurations for cloud provider platforms such as AWS or Azure. Test additional components, such as Docker containers and network infrastructure, without adding anything extra.

Coverage

30 new resources to get you started writing compliance rules for apps, containers, and system configuration files.

Speed

Significantly faster, with 90% performance gains on Windows and 30% gains on Linux.

Integration

Chef Automate can be used as a source for compliance profiles and to store InSpec reports for compliance and security audits. InSpec results can be exported in JUnit format for integration into CI/CD tools like Jenkins.

Ease

It’s now easier to write and debug custom resources you create using InSpec Shell.


How InSpec works

Get started with InSpec in 3 simple steps


try the inspec demo

1. Write the test

Create simple Ruby-based tests to verify your expected state against the current state of your systems.

control 'example-1.0' do
  impact 0.9
  title 'Ensure login disabled'
  desc 'An optional description...'
  describe sshd_config do
    its('PermitRootLogin') {
      should_not cmp 'yes'
    }
  end
end

2. Run the test

Execute your test against your target system locally or remotely with one simple command.

$ inspec exec linux-baseline

3. See the results

See which tests passed, failed, or were skipped, along with the expected state compared against the current state of your target system, in one simple output.

Profile: InSpec Profile (example_profile)
Version: 0.1.0
Target:  local://

  ✔  example-1.0: Ensure root login is disabled via SSH
     ✔  SSHD Configuration PermitRootLogin should not cmp == "yes"

Profile Summary: 1 successful control, 0 control failures, 0 controls skipped
Test Summary: 1 successful, 0 failures, 0 skipped

Features of InSpec

InSpec is compliance by design



Platform Agnostic

InSpec supports all major operating systems and is platform agnostic, allowing you the freedom to run compliance and security tests anywhere.


Test locally or remotely

InSpec provides a local agent for host-based assessments, as well as full remote testing support via SSH and WinRM.


Free to run anywhere

InSpec is an open-source language that can easily express compliance as code, with the freedom to run anywhere.


Extensible language

Easily extend the InSpec language to cover new operating systems, devices, or applications.

Transform your compliance and security requirements into simple code

Codify agreements

Combine profiles and customize them with overlays. Pick controls and define exceptions as code.

Add context to your tests

Utilize many fields like descriptions, tags, and impact.

Apply to all systems

Analyze everything using the same codified profiles and controls.

control 'sshd-21' do
  title 'Set SSH Protocol to 2'
  desc 'A detailed description'
  impact 1.0 # This is critical
  ref 'compliance guide, section 2.1'
  describe sshd_config do
    its('Protocol') { should cmp 2 }
  end
end

Solve your infrastructure testing needs simply and efficiently

Test the desired state

Verify the current desired state of your apps and infrastructure according to the code you write.

Human-readable code

Reduce friction by writing tests that are easy to understand by anyone.

Extensible

Create custom resources with ease and share them easily with others.

describe file('/etc/myapp.conf') do
  it { should exist }
  its('mode') { should cmp 0644 }
end

describe apache_conf do
  its('Listen') { should cmp 8080 }
end

describe port(8080) do
  it { should be_listening }
end

Verify provisioning to cloud providers

Test AWS and Azure configuration

Verify all necessary settings of your favorite public cloud providers.

Test provisioners

InSpec can be used in combination with CloudFormation, Azure Resource Manager templates, and Terraform.

Verify security configuration

Ensure that your cloud deployments are not open to malicious attacks due to misconfiguration.

describe aws_s3_bucket(bucket_name: 'my_secret_files') do
  it { should exist }
  it { should_not be_public }
end

describe aws_iam_user(username: 'test_user') do
  it { should have_mfa_enabled }
  it { should_not have_console_password }
end