| InSpec is a free and open-source framework for testing and auditing your applications and infrastructure. InSpec works by comparing the actual state of your system with the desired state that you express in easy-to-read and easy-to-write InSpec code. InSpec detects violations and displays findings in the form of a report, but puts you in control of remediation.
| are the core of the InSpec testing experience. Use InSpec profiles to manage everything you need to run a security or compliance scan--attributes, metadata, and the tests themselves.
.margin-top-xs.brdr-left
.margin-left-sm
h3 Add your tests
p
| You can create tests three different ways: By composing your own tests, by including tests from the
a href="https://supermarket.chef.io/" Chef Supermarket
| or by adding tests from the
a href="http://dev-sec.io/" Dev-Sec Project
| as dependencies. You can also customize your tests--pulling in the tests from our Supermarket and change them to suit your unique needs with the easy-to-read and easy-to-write InSpec domain specific language.
.margin-top-xs.brdr-left
.margin-left-sm
h3 Target your system
p
| Run your tests wherever your infrastructure is--locally or in the cloud. InSpec is designed for platforms and treats operating systems as special cases. InSpec helps you, whether you use Windows Server on your own hardware or run Linux in Docker containers in the cloud. As for the cloud, you can use InSpec to target applications and services running on AWS and Azure.
.margin-top-xs.brdr-left
.margin-left-sm
h3 Resources
p
| InSpec has
a href="/docs/reference/resources.html" 80+ resources
| ready use--apache to zfs pool. If you need a solution that we haven’t provided, you can write your own
a href="/docs/reference/dsl_resource.html" custom resource
