===================================================== InSpec CLI ===================================================== Use the InSpec CLI to run tests and audits against targets using local, SSH, WinRM, or Docker connections. archive ===================================================== Archive a profile to tar.gz (default) or zip Syntax ----------------------------------------------------- This subcommand has the following syntax: .. code-block:: bash $ inspec archive PATH Options ----------------------------------------------------- This subcommand has additional options: ``--ignore-errors``, ``--no-ignore-errors`` Ignore profile warnings. ``-o``, ``--output=OUTPUT`` Save the archive to a path ``--overwrite``, ``--no-overwrite`` Overwrite existing archive. ``--profiles-path=PROFILES_PATH`` Folder which contains referenced profiles. ``--tar``, ``--no-tar`` Generates a tar.gz archive. ``--zip``, ``--no-zip`` Generates a zip archive. check ===================================================== Verify all tests at the specified path Syntax ----------------------------------------------------- This subcommand has the following syntax: .. code-block:: bash $ inspec check PATH Options ----------------------------------------------------- This subcommand has additional options: ``--format=FORMAT`` ``--profiles-path=PROFILES_PATH`` Folder which contains referenced profiles. compliance ===================================================== Chef compliance commands Syntax ----------------------------------------------------- This subcommand has the following syntax: .. code-block:: bash $ inspec compliance SUBCOMMAND ... detect ===================================================== Detect the target os Syntax ----------------------------------------------------- This subcommand has the following syntax: .. code-block:: bash $ inspec detect Options ----------------------------------------------------- This subcommand has additional options: ``-b``, ``--backend=BACKEND`` Choose a backend: local, ssh, winrm, docker. ``--format=FORMAT`` ``--host=HOST`` Specify a remote host which is tested. ``--json-config=JSON_CONFIG`` Read configuration from JSON file (`-` reads from stdin). ``-i``, ``--key-files=one two three`` Login key or certificate file for a remote scan. ``-l``, ``--log-level=LOG_LEVEL`` Set the log level: info (default), debug, warn, error ``--password=PASSWORD`` Login password for a remote scan, if required. ``--path=PATH`` Login path to use when connecting to the target (WinRM). ``-p``, ``--port=N`` Specify the login port for a remote scan. ``--self-signed``, ``--no-self-signed`` Allow remote scans with self-signed certificates (WinRM). ``--ssl``, ``--no-ssl`` Use SSL for transport layer encryption (WinRM). ``--sudo``, ``--no-sudo`` Run scans with sudo. Only activates on Unix and non-root user. ``--sudo-command=SUDO_COMMAND`` Alternate command for sudo. ``--sudo-options=SUDO_OPTIONS`` Additional sudo options for a remote scan. ``--sudo-password=SUDO_PASSWORD`` Specify a sudo password, if it is required. ``-t``, ``--target=TARGET`` Simple targeting option using URIs, e.g. ssh://user:pass@host:port ``--user=USER`` The login user for a remote scan. env ===================================================== Output shell-appropriate completion configuration Syntax ----------------------------------------------------- This subcommand has the following syntax: .. code-block:: bash $ inspec env exec ===================================================== Run all test files at the specified path. Syntax ----------------------------------------------------- This subcommand has the following syntax: .. code-block:: bash $ inspec exec PATHS Options ----------------------------------------------------- This subcommand has additional options: ``--attrs=one two three`` Load attributes file (experimental) ``-b``, ``--backend=BACKEND`` Choose a backend: local, ssh, winrm, docker. ``--color``, ``--no-color`` Use colors in output. ``--controls=one two three`` A list of controls to run. Ignore all other tests. ``--format=FORMAT`` Which formatter to use: cli, progress, documentation, json, json-min ``--host=HOST`` Specify a remote host which is tested. ``--json-config=JSON_CONFIG`` Read configuration from JSON file (`-` reads from stdin). ``-i``, ``--key-files=one two three`` Login key or certificate file for a remote scan. ``-l``, ``--log-level=LOG_LEVEL`` Set the log level: info (default), debug, warn, error ``--password=PASSWORD`` Login password for a remote scan, if required. ``--path=PATH`` Login path to use when connecting to the target (WinRM). ``-p``, ``--port=N`` Specify the login port for a remote scan. ``--profiles-path=PROFILES_PATH`` Folder which contains referenced profiles. ``--self-signed``, ``--no-self-signed`` Allow remote scans with self-signed certificates (WinRM). ``--ssl``, ``--no-ssl`` Use SSL for transport layer encryption (WinRM). ``--sudo``, ``--no-sudo`` Run scans with sudo. Only activates on Unix and non-root user. ``--sudo-command=SUDO_COMMAND`` Alternate command for sudo. ``--sudo-options=SUDO_OPTIONS`` Additional sudo options for a remote scan. ``--sudo-password=SUDO_PASSWORD`` Specify a sudo password, if it is required. ``-t``, ``--target=TARGET`` Simple targeting option using URIs, e.g. ssh://user:pass@host:port ``--user=USER`` The login user for a remote scan. help ===================================================== Describe available commands or one specific command Syntax ----------------------------------------------------- This subcommand has the following syntax: .. code-block:: bash $ inspec help [COMMAND] init ===================================================== Scaffolds a new project Syntax ----------------------------------------------------- This subcommand has the following syntax: .. code-block:: bash $ inspec init TEMPLATE ... json ===================================================== Read all tests in path and generate a json summary Syntax ----------------------------------------------------- This subcommand has the following syntax: .. code-block:: bash $ inspec json PATH Options ----------------------------------------------------- This subcommand has additional options: ``--controls=one two three`` A list of controls to include. Ignore all other tests. ``-o``, ``--output=OUTPUT`` Save the created profile to a path ``--profiles-path=PROFILES_PATH`` Folder which contains referenced profiles. scap ===================================================== Scap commands Syntax ----------------------------------------------------- This subcommand has the following syntax: .. code-block:: bash $ inspec scap SUBCOMMAND ... shell ===================================================== Open an interactive debugging shell Syntax ----------------------------------------------------- This subcommand has the following syntax: .. code-block:: bash $ inspec shell Options ----------------------------------------------------- This subcommand has additional options: ``-b``, ``--backend=BACKEND`` Choose a backend: local, ssh, winrm, docker. ``-c``, ``--command=COMMAND`` ``--host=HOST`` Specify a remote host which is tested. ``--json-config=JSON_CONFIG`` Read configuration from JSON file (`-` reads from stdin). ``-i``, ``--key-files=one two three`` Login key or certificate file for a remote scan. ``-l``, ``--log-level=LOG_LEVEL`` Set the log level: info (default), debug, warn, error ``--password=PASSWORD`` Login password for a remote scan, if required. ``--path=PATH`` Login path to use when connecting to the target (WinRM). ``-p``, ``--port=N`` Specify the login port for a remote scan. ``--self-signed``, ``--no-self-signed`` Allow remote scans with self-signed certificates (WinRM). ``--ssl``, ``--no-ssl`` Use SSL for transport layer encryption (WinRM). ``--sudo``, ``--no-sudo`` Run scans with sudo. Only activates on Unix and non-root user. ``--sudo-command=SUDO_COMMAND`` Alternate command for sudo. ``--sudo-options=SUDO_OPTIONS`` Additional sudo options for a remote scan. ``--sudo-password=SUDO_PASSWORD`` Specify a sudo password, if it is required. ``-t``, ``--target=TARGET`` Simple targeting option using URIs, e.g. ssh://user:pass@host:port ``--user=USER`` The login user for a remote scan. supermarket ===================================================== Supermarket commands Syntax ----------------------------------------------------- This subcommand has the following syntax: .. code-block:: bash $ inspec supermarket SUBCOMMAND ... version ===================================================== Prints the version of this tool Syntax ----------------------------------------------------- This subcommand has the following syntax: .. code-block:: bash $ inspec version