InSpec Documentation

InSpec is a free and open-source framework for testing and auditing your applications and infrastructure. InSpec works by comparing the actual state of your system with the desired state that you express in easy-to-read and easy-to-write InSpec code. InSpec detects violations and displays findings in the form of a report, but puts you in control of remediation.

Getting started with InSpec

Below are some of the core concepts that make up InSpec. Check out our in-browser demo or tutorials for a quick hands-on experience.

Create a profile

Profiles are the core of the InSpec testing experience. Use InSpec profiles to manage everything you need to run a security or compliance scan--attributes, metadata, and the tests themselves.

Add your tests

You can create tests in three different ways: by composing your own tests, by including tests from the Chef Supermarket, or by adding tests from the Dev-Sec Project as dependencies. You can also customize your tests by pulling in tests from our Supermarket and changing them to suit your unique needs with the easy-to-read and easy-to-write InSpec domain-specific language.

Target your system

Run your tests wherever your infrastructure is--locally or in the cloud. InSpec is designed for platforms and treats operating systems as special cases. InSpec helps you, whether you use Windows Server on your own hardware or run Linux in Docker containers in the cloud. As for the cloud, you can use InSpec to target applications and services running on AWS and Azure.

Resources

InSpec has 80+ resources ready to use, from apache to zfs pool. If you need a solution that we haven’t provided, you can write your own custom resource.

Contributing

This documentation is automatically generated from the InSpec repository and source code. To contribute, please have a look at the docs folder of the project.