Chef InSpec is compliance as code

Turn your compliance, security, and other policy requirements into automated tests.

image of diamondimage of grid

How Chef InSpec works

Get started with Chef InSpec in 3 simple steps

image of grid


write the test

Create simple Ruby-based tests to verify your expected state against the current state of your systems.

control 'example-1.0' do  impact 0.9  title 'Ensure login disabled'  desc 'An optional description...'  describe sshd_config do    its('PermitRootLogin') {      should_not cmp 'yes'    }  endend


run the test

Execute your test against your target system locally or remotely with one simple command.

$ inspec exec linux-baseline


See the results

See which tests failed, passed and skipped and the expected state against the current state of your target system, in one simple output.

Profile: Chef InSpec Profile (example_profile)Version: 0.1.0Target:  local://
✔ example-1.0: Ensure root login is disabled via SSH ✔ SSHD Configuration PermitRootLogin should not cmp == "yes"
Profile Summary: 1 successful control, 0 control failures, 0 controls skippedTest Summary: 1 successful, 0 failures, 0 skipped

Features of Chef InSpec

Chef InSpec is compliance by design

image for Chef InSpec platform support

Platform Agnostic

Chef InSpec supports all major operating systems and is platform agnostic, allowing you the freedom to run compliance and security tests anywhere.

logos for Linux, Windows/Azure, Mac, Ubuntu, Docker container, AWS, VMware
image for Chef InSpec remote and local testing

Test locally or remotely

Chef InSpec provides a local agent for host-based assessments, as well as full remote testing support via SSH and WinRM.

logos for SSH and WinRM
image for Chef InSpec freedom

Free to run anywhere

Chef InSpec is an open-source language that can easily express compliance as code, with the freedom to run anywhere.

image for Chef InSpec's extensible language

Extensible language

Easily extend the Chef InSpec language to cover new operating systems, devices, or applications.

Transform your compliance and security requirements into simple code

Codify agreements

Combine profiles and customize them with overlays. Pick controls and define exceptions as code.

Add context to your tests

Utilize many fields like descriptions, tags, and impact.

Apply to all systems

Analyze everything using the same codified profiles and controls.

control 'sshd-21' do  title 'Set SSH Protocol to 2'  desc 'A detailed description'  impact 1.0 # This is critical ref 'compliance guide, section 2.1'  describe sshd_config do   its('Protocol') { should cmp 2 }  endend

Solve your infrastructure testing needs simply and efficiently

Test the desired state

Verify the current desired state of your apps and infrastructure according to the code you write.


Reduce friction by writing tests that are easy to understand by anyone.


Create custom resources with ease and share them easily with others.

describe file('/etc/myapp.conf') do  it { should exist }  its('mode') { should cmp 0644 }end
describe apache_conf do its('Listen') { should cmp 8080 }end
describe port(8080) do it { should be_listening }end

Verify provisioning to cloud providers

Test AWS and Azure configuration

Verify all necessary settings of your favorite public cloud providers.

Test provisioners

Chef InSpec can be used in combination with Cloudformation, Azure resource manager templates and Terraform.

Verify security configuration

Ensure that your cloud deployments are not open to malicious attacks due to misconfiguration.

describe aws_s3_bucket(bucket_name: 'my_secret_files') do  it { should exist }  it { should_not be_public }end
describe aws_iam_user(username: 'test_user') do it { should have_mfa_enabled } it { should_not have_console_password }end
image of scroll to top arrow