--- title: Chef InSpec - Audit and Automated Testing Framework description: Chef InSpec is an open source (OSS) automated testing tool for integration, compliance, security, and other policy requirements. Easily test your network and systems on-site or on cloud platforms such as AWS, Azure, and Docker Containers. priority: 1.0 change_frequency: daily --- /! header header.bg-gradient.margin-top-offset.short-bg.relative .row.align.margin-top-sm .large-7.medium-7.mobile-12.columns.z-20 .margin-both h1.t-white Chef InSpec is compliance as code h3.t-white Turn your compliance, security, and other policy requirements into automated tests. /! buttons .row.align.columns.margin-top-sm.mobile-row-btn a.button.btn-lg.btn-purple.shadow-dark.margin-right-xs.mobile-row-btn href="/downloads" i.fa.fa-cloud-download span download inspec 4 a.button.btn-lg.btn-white-o.shadow-dark.mobile-row-btn href="/tutorials" browse tutorials a class="github-button" href="https://github.com/chef/inspec" data-size="large" data-show-count="true" aria-label="Star chef/inspec on GitHub" Star .large-5.medium-5.columns.relative.mobile-hide /! diamond image img.diamond src="/images/home/diamond.png" alt="image of diamond"/ img.grid-animate.fit.z-20 src="/images/home/web.svg" onerror="this.src='/images/home/web.png'" alt="image of grid"/ /! announcement .row.columns .box-white.shadow.z-20.slide-left h3.large-11.medium-11 Announcing InSpec 4 p.large-11.medium-11 Inputs system overhaul, updated AWS-SDK to v3, support for the new Chef License, and many bugfixes and minor features #expand .margin-top-sm.brdr-left.large-11.medium-11 .margin-left-sm h4.t-purple core p Inputs system overhaul - more consistent, extensible, and predictable p Updated AWS-SDK to v3 p Laying the foundation for opt-in telemetry p Support for the new Chef License p Add support for more_permissive_than? on the File resource p Many other minor bugfixes! .margin-top-sm.brdr-left.large-11.medium-11 .margin-left-sm h4.t-purple inspec-bin p Moved the `inspec` executable to a separate gem, `inspec-bin`. This allows the use of the `inspec` gem as a library without the licensing restrictions placed on the executable. p This release is the first to require accepting a license before using it as an executable. .margin-top-xs a#expandBtn Show all new features /! canvas elements #particles-js.particles canvas.particles-js-canvas-el / /! Get started .margin-both .row.relative .columns hr small.t-gray How Chef InSpec works h2.txt-margin Get started with Chef InSpec in 3 simple steps hr .large-5.medium-5.columns.blue-grid.mobile-hide img.grid-animate.fit src="/images/community/blue-web.svg" onerror="this.src='/images/community/blue-web.png'" alt="image of grid" .margin-top-sm .row.align.mobile-row .large-6.medium-6.mobile-12.columns .flex.align .num-container h3.t-purple 1 .block.margin-left-sm h4.t-purple write the test p Create simple Ruby-based tests to verify your expected state against the current state of your systems. .large-6.medium-6.mobile-12.columns .flex.align.slide-right .tooltip-triangle .box-dark.box-scroll.tip.shadow pre.slide-up-slow.animate-delay-10 code control 'example-1.0' do code impact 0.9 code title 'Ensure login disabled' code desc 'An optional description...' code describe sshd_config do code its('PermitRootLogin') { code should_not cmp 'yes' code } code end code end .margin-top-xs .row.align.mobile-row .large-6.medium-6.mobile-12.columns .flex.align .num-container h3.t-purple 2 .block.margin-left-sm h4.t-purple run the test p Execute your test against your target system locally or remotely with one simple command. .large-6.medium-6.mobile-12.columns .flex.align.slide-right .tooltip-triangle .box-dark.tip.shadow pre code $ inspec exec linux-baseline .margin-top-xs .row.align.mobile-row .large-6.medium-6.mobile-12.columns .flex.align .num-container h3.t-purple 3 .block.margin-left-sm h4.t-purple See the results p See which tests failed, passed and skipped and the expected state against the current state of your target system, in one simple output. .large-6.medium-6.mobile-12.columns .flex.align.slide-right .tooltip-triangle .box-dark.box-scroll.tip.shadow pre.slide-up-slow.animate-delay-20 code Profile: Chef InSpec Profile (example_profile) code Version: 0.1.0 code Target: local:// br code ✔ example-1.0: Ensure root login is disabled via SSH code ✔ SSHD Configuration PermitRootLogin should not cmp == "yes" br code Profile Summary: 1 successful control, 0 control failures, 0 controls skipped code Test Summary: 1 successful, 0 failures, 0 skipped /! how it works .row.relative.margin-under-sm .columns.strict-center hr.center small.t-gray Features of Chef InSpec h2.txt-margin Chef InSpec is compliance by design hr.center .row.strict-center.mobile-row .large-6.medium-6.columns.mobile-12.margin-under-xs .box-white.shadow.strict-center.fit-height.relative.slide-up img.icon-art.margin-under-xs src="/images/home/platform.svg" onerror="this.src='/images/home/platform.png'" alt="image for Chef InSpec platform support"/ h4.t-purple Platform Agnostic p | Chef InSpec supports all major operating systems and is platform agnostic, allowing you the freedom to run compliance and security tests anywhere. a title="Linux, Windows/Azure, Mac, Ubuntu, Docker, AWS, VMware, RedHat" img.icon-logos src="/images/home/platform-logos.svg" onerror="this.src='/images/home/platform-logos.png'" alt="logos for Linux, Windows/Azure, Mac, Ubuntu, Docker container, AWS, VMware"/ .triangle-right .large-6.medium-6.columns.mobile-12.margin-under-xs .box-white.shadow.strict-center.fit-height.relative.slide-up img.icon-art.margin-under-xs src="/images/home/test.svg" onerror="this.src='/images/home/test.png'" alt="image for Chef InSpec remote and local testing"/ h4.t-purple Test locally or remotely p | Chef InSpec provides a local agent for host-based assessments, as well as full remote testing support via SSH and WinRM. a title="SSH, WinRM" img.icon-logos src="/images/home/test-logos.svg" onerror="this.src='/images/home/test-logos.png'" alt="logos for SSH and WinRM" / .triangle-right .row.strict-center.mobile-row .large-6.medium-6.mobile-12.columns.margin-under-xs .box-white.shadow.strict-center.fit-height.relative.slide-up img.icon-art.margin-under-xs src="/images/home/run.svg" onerror="this.src='/images/home/run.png'" alt="image for Chef InSpec freedom"/ h4.t-purple Free to run anywhere p | Chef InSpec is an open-source language that can easily express compliance as code, with the freedom to run anywhere. .triangle-right .large-6.medium-6.mobile-12.columns.margin-under-xs .box-white.shadow.strict-center.fit-height.relative.slide-up img.icon-art.margin-under-xs src="/images/home/extensible.svg" onerror="this.src='/images/home/extensible.png'" alt="image for Chef InSpec's extensible language" / h4.t-purple Extensible language p | Easily extend the Chef InSpec language to cover new operating systems, devices, or applications. .triangle-right /! use cases .bg-gradient.margin-top .pad-both.relative #particles-second canvas.particles-js-canvas-el .slider .row .columns.selectors.mobile-hide.z-20 a.button.btn-lg.btn-slider.shadow-dark for Compliance a.button.btn-lg.btn-slider.shadow-dark for Infrastructure a.button.btn-lg.btn-slider.shadow-dark for Provisioning .columns.selectors.slider-selectors.mobile-show.z-20 a.button.btn-lg.btn-slider.shadow-dark Compliance a.button.btn-lg.btn-slider.shadow-dark Infrastructure a.button.btn-lg.btn-slider.shadow-dark Provisioning .view .row .large-7.medium-7.mobile-12.columns h2.t-white.margin-both-sm | Transform your compliance and security requirements into simple code .row.mobile-row .large-6.medium-6.mobile-12.columns.mobile-row .box-white.shadow-dark.fit-height.z-20 .block.margin-both-xs h4.t-purple Codify agreements p Combine profiles and customize them with overlays. Pick controls and define exceptions as code. .block.margin-under-xs h4.t-purple Add context to your tests p Utilize many fields like descriptions, tags, and impact. .block h4.t-purple Apply to all systems p Analyze everything using the same codified profiles and controls. .large-6.medium-6.mobile-12.columns .box-dark.shadow-dark.fit-height.z-20 pre.t-white.align-vertical-50 code control 'sshd-21' do code title 'Set SSH Protocol to 2' code desc 'A detailed description' code impact 1.0 # This is critical ref 'compliance guide, section 2.1' code describe sshd_config do code its('Protocol') { should cmp 2 } code end code end .view .row .large-7.medium-7.mobile-12.columns h2.t-white.margin-both-sm | Solve your infrastructure testing needs simply and efficiently .row.mobile-row .large-6.medium-6.mobile-12.columns.mobile-row .box-white.shadow-dark.fit-height.z-20 .block.margin-both-xs h4.t-purple Test the desired state p Verify the current desired state of your apps and infrastructure according to the code you write. .block.margin-under-xs h4.t-purple HUMAN-READABLE CODE p Reduce friction by writing tests that are easy to understand by anyone. .block h4.t-purple Extensible p Create custom resources with ease and share them easily with others. .large-6.medium-6.mobile-12.columns .box-dark.shadow-dark.fit-height.z-20 pre.t-white.align-vertical-50 code describe file('/etc/myapp.conf') do code it { should exist } code its('mode') { should cmp 0644 } code end br code describe apache_conf do code its('Listen') { should cmp 8080 } code end br code describe port(8080) do code it { should be_listening } code end .view .row .large-7.medium-7.mobile-12.columns h2.t-white.margin-both-sm | Verify provisioning to cloud providers .row.mobile-row .large-6.medium-6.mobile-12.columns.mobile-row .box-white.shadow-dark.fit-height.z-20 .block.margin-both-xs h4.t-purple Test AWS and Azure configuration p Verify all necessary settings of your favorite public cloud providers. .block.margin-under-xs h4.t-purple Test provisioners p Chef InSpec can be used in combination with Cloudformation, Azure resource manager templates and Terraform. .block h4.t-purple Verify security configuration p Ensure that your cloud deployments are not open to malicious attacks due to misconfiguration. .large-6.medium-6.mobile-12.columns .box-dark.shadow-dark.fit-height.z-20 pre.t-white.align-vertical-50 code describe aws_s3_bucket(bucket_name: 'my_secret_files') do code it { should exist } code it { should_not be_public } code end br code describe aws_iam_user(username: 'test_user') do code it { should have_mfa_enabled } code it { should_not have_console_password } code end .scrollToTop.shadow-dark img#scrollup src="/images/home/arrow.svg" onerror="this.src='/images/home/arrow.png'" alt="image of scroll to top arrow"