mirror of
https://github.com/inspec/inspec
synced 2024-12-11 22:02:47 +00:00
2bbcdbde9b
* Remove deprecated yumrepo. (#3435) * Remove deprecations for cli `--format` and metadata.rb (#3452) * Remove deprecated database_helpers stderr/stdout methods. Update deprecation text for processes/apache. * Remove deprecations for `--format` and metadata.rb Remove deprecated `format` code. Remove deprecated code test and change json-config format test to use reporter. Remove deprecated metadata.rb code Remove deprecation notice for old supports syntax. Deprecate metadata.rb from source_reader Remove rubocop disables as they are no longer required for this code block. Remove deprecated legacy metadata.rb mock profiles. Remove deprecated metadata.rb profile tests. Remove deprecated yumrepo test. * Allow inspec-3.0 branch to be tested. * Allow appveyor to test inspec-3.0 branch * Change runner tests to use reporter rather than format. Remove deprecated `supports: linux` tests. * Remove skip from inherited profiles from showing up in reporting (breaking change) (#3332) * Skip loading dependency profiles if they are unsupported on the current platform. Skip loading dependencies if they are unsupported on the current platform. Wrap our log and next in a conditional checking if the platform is supported. Change a `if !` into a `unless` Check if the backend is a Train Mock Connection and if so say that the profile does support the platform. While iterating through tests being loaded skip when the platform is unsupported. We now log a WARN when a profile is skipped due to unsupported platform, so lets check that. Modified existing test to log that there are 0 skipped tests, instead of 2. Add functional test that loads profile-support-skip with a json reporter to check that our controls are not loaded and that stderr contains our warning. * Rather than iterating through each test return before recursion if the platform is unsupported. 
* Resolve tests using a supported platform different from testing platform Add a control to `test/unit/mock/profiles/complete-profile` that would work on any OS with a Internet connection. This allows the profile to execute on any OS with success. `filesystem_spec.rb` was a control that would only work on Linux and some BSD's. We want profile tests to consistently work across development and testing platforms, and not get 'skipped' in some cases. Travis-CI tests on Linux, Inspec Dev team uses Linux and MacOS, Appveyor tests on Windows Also Updated `file_provider_test.rb` for `complete-profile` content changes. If you `MockLoader.load_profile` on a unsupported platform you might not hit the usual skip. Lets handle situations where the tests array in Profile#load_checks_params could be nil. * Use safe navigation rather than checking if tests is nil. Update tests to point to unsupported_inspec and account for WARN changes. Make unsupported_inspec profile support os-family 'unsupported_inspec' * Fix skip bug when using include/require controls. (#3487) * Fix skip bug when using include/require controls. * fix test and feedback. * Remove need for UUID detection for Automate report (#3507) * Add json metadata for skipped profiles (#3495) * Add skip metadata to json reports * Unify skip messages. * Update with status field. * Add testing. * Fix tests. * lint * Add skip exit codes for profile skips. * Update website for 3.0 launch Add `plugins` to sidebar. Change 2.0 -> 3.0 in slim files. Update 3.0 features list. * Fix comments * Update float to numeric. * Change Float to numeric. * updated feature list and impact doc * Change "What's new in InSpec 3.0" -> "Announcing InSpec 3.0" * Bump VERSION to 3.0.0 (#3511) * Remove 3.0 testing checks. * Fix azure link.
281 lines
13 KiB
Text
---
title: InSpec - Audit and Automated Testing Framework
description: InSpec is an open source (OSS) automated testing tool for integration, compliance, security, and other policy requirements. Easily test your network and systems on-site or on cloud platforms such as AWS, Azure, and Docker Containers.
priority: 1.0
change_frequency: daily
---

/! header
header.bg-gradient.margin-top-offset.short-bg.relative
.row.align.margin-top-sm
.large-7.medium-7.mobile-12.columns.z-20
.margin-both
h1.t-white InSpec is compliance as code
h3.t-white Turn your compliance, security, and other policy requirements into automated tests.
/! buttons
.row.align.columns.margin-top-sm.mobile-row-btn
a.button.btn-lg.btn-purple.shadow-dark.margin-right-xs.mobile-row-btn href="/downloads"
i.fa.fa-cloud-download
span download inspec 3.0
a.button.btn-lg.btn-white-o.shadow-dark.mobile-row-btn href="/tutorials" browse tutorials
a class="github-button" href="https://github.com/chef/inspec" data-size="large" data-show-count="true" aria-label="Star chef/inspec on GitHub" Star

.large-5.medium-5.columns.relative.mobile-hide
/! diamond image
img.diamond src="/images/home/diamond.png" alt="image of diamond"/
img.grid-animate.fit.z-20 src="/images/home/web.svg" onerror="this.src='/images/home/web.png'" alt="image of grid"/
/! announcement
.row.columns
.box-white.shadow.z-20.slide-left
h3.large-11.medium-11 Announcing InSpec 3.0
p.large-11.medium-11 Plugin system, global attributes, enhanced skip messaging, and more.
#expand
.margin-top-sm.brdr-left.large-11.medium-11
.margin-left-sm
h4.t-purple core
p New plugin system for InSpec CLI and Train
p Enhanced "only_if" skip messaging
p Unsupported profiles are now hidden from output
p Attributes are now specified in <a href="/docs/reference/profiles/">inspec.yml</a>
p Text-based severity (e.g. "impact 'low'")
p Tons of security/bug fixes and improvements
.margin-top-sm.brdr-left.large-11.medium-11
.margin-left-sm
h4.t-purple cloud
p
| New <a href="http://www.inspec.io/docs/reference/resources/#azure-resources">Azure</a> and <a href="/docs/reference/resources/#gcp-resources">GCP resources</a>
p Support for VMware ESXi via PowerCLI (Even on Linux!)
.margin-top-xs
a#expandBtn Show all new features
/! canvas elements
#particles-js.particles
canvas.particles-js-canvas-el /

/! Get started
.margin-both
.row.relative
.columns
hr
small.t-gray How InSpec works
h2.txt-margin Get started with InSpec in 3 simple steps
hr
.large-5.medium-5.columns.blue-grid.mobile-hide
img.grid-animate.fit src="/images/community/blue-web.svg" onerror="this.src='/images/community/blue-web.png'" alt="image of grid"
.margin-top-sm
.row.align.mobile-row
.large-6.medium-6.mobile-12.columns
.flex.align
.num-container
h3.t-purple 1
.block.margin-left-sm
h4.t-purple write the test
p Create simple Ruby-based tests to verify your expected state against the current state of your systems.
.large-6.medium-6.mobile-12.columns
.flex.align.slide-right
.tooltip-triangle
.box-dark.box-scroll.tip.shadow
pre.slide-up-slow.animate-delay-10
code control 'example-1.0' do
code impact 0.9
code title 'Ensure login disabled'
code desc 'An optional description...'
code describe sshd_config do
code its('PermitRootLogin') {
code should_not cmp 'yes'
code }
code end
code end
.margin-top-xs
.row.align.mobile-row
.large-6.medium-6.mobile-12.columns
.flex.align
.num-container
h3.t-purple 2
.block.margin-left-sm
h4.t-purple run the test
p Execute your test against your target system locally or remotely with one simple command.
.large-6.medium-6.mobile-12.columns
.flex.align.slide-right
.tooltip-triangle
.box-dark.tip.shadow
pre
code $ inspec exec linux-baseline
.margin-top-xs
.row.align.mobile-row
.large-6.medium-6.mobile-12.columns
.flex.align
.num-container
h3.t-purple 3
.block.margin-left-sm
h4.t-purple See the results
p See which tests failed, passed and skipped and the expected state against the current state of your target system, in one simple output.
.large-6.medium-6.mobile-12.columns
.flex.align.slide-right
.tooltip-triangle
.box-dark.box-scroll.tip.shadow
pre.slide-up-slow.animate-delay-20
code Profile: InSpec Profile (example_profile)
code Version: 0.1.0
code Target: local://
br
code ✔ example-1.0: Ensure root login is disabled via SSH
code ✔ SSHD Configuration PermitRootLogin should not cmp == "yes"
br
code Profile Summary: 1 successful control, 0 control failures, 0 controls skipped
code Test Summary: 1 successful, 0 failures, 0 skipped

/! how it works
.row.relative.margin-under-sm
.columns.strict-center
hr.center
small.t-gray Features of InSpec
h2.txt-margin InSpec is compliance by design
hr.center

.row.strict-center.mobile-row
.large-6.medium-6.columns.mobile-12.margin-under-xs
.box-white.shadow.strict-center.fit-height.relative.slide-up
img.icon-art.margin-under-xs src="/images/home/platform.svg" onerror="this.src='/images/home/platform.png'" alt="image for InSpec platform support"/
h4.t-purple Platform Agnostic
p
| InSpec supports all major operating systems and is platform agnostic, allowing you the freedom to run compliance and security tests anywhere.
a title="Linux, Windows/Azure, Mac, Ubuntu, Docker, AWS, VMware, RedHat"
img.icon-logos src="/images/home/platform-logos.svg" onerror="this.src='/images/home/platform-logos.png'" alt="logos for Linux, Windows/Azure, Mac, Ubuntu, Docker container, AWS, VMware"/
.triangle-right
.large-6.medium-6.columns.mobile-12.margin-under-xs
.box-white.shadow.strict-center.fit-height.relative.slide-up
img.icon-art.margin-under-xs src="/images/home/test.svg" onerror="this.src='/images/home/test.png'" alt="image for InSpec remote and local testing"/
h4.t-purple Test locally or remotely
p
| InSpec provides a local agent for host-based assessments, as well as full remote testing support via SSH and WinRM.
a title="SSH, WinRM"
img.icon-logos src="/images/home/test-logos.svg" onerror="this.src='/images/home/test-logos.png'" alt="logos for SSH and WinRM" /
.triangle-right

.row.strict-center.mobile-row
.large-6.medium-6.mobile-12.columns.margin-under-xs
.box-white.shadow.strict-center.fit-height.relative.slide-up
img.icon-art.margin-under-xs src="/images/home/run.svg" onerror="this.src='/images/home/run.png'" alt="image for InSpec freedom"/
h4.t-purple Free to run anywhere
p
| InSpec is an open-source language that can easily express compliance as code, with the freedom to run anywhere.
.triangle-right
.large-6.medium-6.mobile-12.columns.margin-under-xs
.box-white.shadow.strict-center.fit-height.relative.slide-up
img.icon-art.margin-under-xs src="/images/home/extensible.svg" onerror="this.src='/images/home/extensible.png'" alt="image for InSpec's extensible language" /
h4.t-purple Extensible language
p
| Easily extend the InSpec language to cover new operating systems, devices, or applications.
.triangle-right

/! use cases

.bg-gradient.margin-top
.pad-both.relative
#particles-second
canvas.particles-js-canvas-el
.slider
.row
.columns.selectors.mobile-hide.z-20
a.button.btn-lg.btn-slider.shadow-dark for Compliance
a.button.btn-lg.btn-slider.shadow-dark for Infrastructure
a.button.btn-lg.btn-slider.shadow-dark for Provisioning
.columns.selectors.slider-selectors.mobile-show.z-20
a.button.btn-lg.btn-slider.shadow-dark Compliance
a.button.btn-lg.btn-slider.shadow-dark Infrastructure
a.button.btn-lg.btn-slider.shadow-dark Provisioning
.view
.row
.large-7.medium-7.mobile-12.columns
h2.t-white.margin-both-sm
| Transform your compliance and security requirements into simple code
.row.mobile-row
.large-6.medium-6.mobile-12.columns.mobile-row
.box-white.shadow-dark.fit-height.z-20
.block.margin-both-xs
h4.t-purple Codify agreements
p Combine profiles and customize them with overlays. Pick controls and define exceptions as code.
.block.margin-under-xs
h4.t-purple Add context to your tests
p Utilize many fields like descriptions, tags, and impact.
.block
h4.t-purple Apply to all systems
p Analyze everything using the same codified profiles and controls.
.large-6.medium-6.mobile-12.columns
.box-dark.shadow-dark.fit-height.z-20
pre.t-white.align-vertical-50
code control 'sshd-21' do
code title 'Set SSH Protocol to 2'
code desc 'A detailed description'
code impact 1.0 # This is critical
code ref 'compliance guide, section 2.1'
code describe sshd_config do
code its('Protocol') { should cmp 2 }
code end
code end
.view
.row
.large-7.medium-7.mobile-12.columns
h2.t-white.margin-both-sm
| Solve your infrastructure testing needs simply and efficiently
.row.mobile-row
.large-6.medium-6.mobile-12.columns.mobile-row
.box-white.shadow-dark.fit-height.z-20
.block.margin-both-xs
h4.t-purple Test the desired state
p Verify the current desired state of your apps and infrastructure according to the code you write.
.block.margin-under-xs
h4.t-purple HUMAN-READABLE CODE
p Reduce friction by writing tests that are easy to understand by anyone.
.block
h4.t-purple Extensible
p Create custom resources with ease and share them easily with others.
.large-6.medium-6.mobile-12.columns
.box-dark.shadow-dark.fit-height.z-20
pre.t-white.align-vertical-50
code describe file('/etc/myapp.conf') do
code it { should exist }
code its('mode') { should cmp 0644 }
code end
br
code describe apache_conf do
code its('Listen') { should cmp 8080 }
code end
br
code describe port(8080) do
code it { should be_listening }
code end
.view
.row
.large-7.medium-7.mobile-12.columns
h2.t-white.margin-both-sm
| Verify provisioning to cloud providers
.row.mobile-row
.large-6.medium-6.mobile-12.columns.mobile-row
.box-white.shadow-dark.fit-height.z-20
.block.margin-both-xs
h4.t-purple Test AWS and Azure configuration
p Verify all necessary settings of your favorite public cloud providers.
.block.margin-under-xs
h4.t-purple Test provisioners
p InSpec can be used in combination with CloudFormation, Azure Resource Manager templates and Terraform.
.block
h4.t-purple Verify security configuration
p Ensure that your cloud deployments are not open to malicious attacks due to misconfiguration.
.large-6.medium-6.mobile-12.columns
.box-dark.shadow-dark.fit-height.z-20
pre.t-white.align-vertical-50
code describe aws_s3_bucket(bucket_name: 'my_secret_files') do
code it { should exist }
code it { should_not be_public }
code end
br
code describe aws_iam_user(username: 'test_user') do
code it { should have_mfa_enabled }
code it { should_not have_console_password }
code end

.scrollToTop.shadow-dark
img#scrollup src="/images/home/arrow.svg" onerror="this.src='/images/home/arrow.png'" alt="image of scroll to top arrow"