Mirrors/inspec
2
0
Fork 0
mirror of https://github.com/inspec/inspec synced 2024-11-23 13:13:22 +00:00
Code Issues Projects Releases Packages Wiki Activity
inspec/www/source/index.html.slim
Jared Quick 2bbcdbde9b
Inspec 3.0 (#3512) 
* Remove deprecated yumrepo. (#3435)

* Remove deprecations for cli `--format` and metadata.rb (#3452)

* Remove deprecated database_helpers stderr/stdout methods.
Update deprecation text for processes/apache.

* Remove deprecations for `--format` and metadata.rb
Remove deprecated `format` code.
Remove deprecated code test and change json-config format test to use
reporter.
Remove deprecated metadata.rb code
Remove deprecation notice for old supports syntax.
Deprecate metadata.rb from source_reader
Remove rubocop disables as they are no longer required for this code block.
Remove deprecated legacy metadata.rb mock profiles.
Remove deprecated metadata.rb profile tests.
Remove deprecated yumrepo test.

* Allow inspec-3.0 branch to be tested.
* Allow appveyor to test inspec-3.0 branch
* Change runner tests to use reporter rather than format.
Remove deprecated `supports: linux` tests.

* Remove skip from inherited profiles from showing up in reporting (breaking change) (#3332)

* Skip loading dependency profiles if they are unsupported on the current
platform.

Skip loading dependencies if they are unsupported on the current
platform.

Wrap our log and next in a conditional checking if the platform is
supported.

Change a `if !` into a `unless`

Check if the backend is a Train Mock Connection and if so say that the
profile does support the platform.

While iterating through tests being loaded skip when the platform is
unsupported.

We now log a WARN when a profile is skipped due to unsupported platform,
so lets check that.

Modified existing test to log that there are 0 skipped tests, instead of
2.

Add functional test that loads profile-support-skip with a json reporter
to check that our controls are not loaded and that stderr contains our
warning.

* Rather than iterating through each test return before recursion if the platform is
unsupported.

* Resolve tests using a supported platform different from testing platform

Add a control to `test/unit/mock/profiles/complete-profile` that would
work on any OS with a Internet connection. This allows the profile
to execute on any OS with success. `filesystem_spec.rb` was a control
that would only work on Linux and some BSD's.

We want profile tests to consistently work across development and testing
platforms, and not get 'skipped' in some cases.  Travis-CI tests on Linux,
Inspec Dev team uses Linux and MacOS, Appveyor tests on Windows

Also Updated `file_provider_test.rb` for `complete-profile` content changes.

If you `MockLoader.load_profile` on a unsupported platform you might not
hit the usual skip. Lets handle situations where the tests array in
Profile#load_checks_params could be nil.

* Use safe navigation rather than checking if tests is nil.
Update tests to point to unsupported_inspec and account for WARN changes.
Make unsupported_inspec profile support os-family 'unsupported_inspec'

* Fix skip bug when using include/require controls. (#3487)

* Fix skip bug when using include/require controls.
* fix test and feedback.

* Remove need for UUID detection for Automate report (#3507)
* Add json metadata for skipped profiles (#3495)

* Add skip metadata to json reports
* Unify skip messages.
* Update with status field.
* Add testing.
* Fix tests.
* lint
* Add skip exit codes for profile skips.
* Update website for 3.0 launch

Add `plugins` to sidebar.
Change 2.0 -> 3.0 in slim files.
Update 3.0 features list.
* Fix comments
* Update float to numeric.
* Change Float to numeric.
* updated feature list and impact doc
* Change "What's new in InSpec 3.0" -> "Announcing InSpec 3.0"
* Bump VERSION to 3.0.0 (#3511)

* Remove 3.0 testing checks.

* Fix azure link.
2018-10-15 18:25:27 -04:00

281 lines
13 KiB
Text
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
title: InSpec - Audit and Automated Testing Framework
description: InSpec is an open source (OSS) automated testing tool for integration, compliance, security, and other policy requirements. Easily test your network and systems on-site or on cloud platforms such as AWS, Azure, and Docker Containers.
priority: 1.0
change_frequency: daily
---
/! header
header.bg-gradient.margin-top-offset.short-bg.relative
.row.align.margin-top-sm
.large-7.medium-7.mobile-12.columns.z-20
.margin-both
h1.t-white InSpec is compliance as code
h3.t-white Turn your compliance, security, and other policy requirements into automated tests.
/! buttons
.row.align.columns.margin-top-sm.mobile-row-btn
a.button.btn-lg.btn-purple.shadow-dark.margin-right-xs.mobile-row-btn href="/downloads"
i.fa.fa-cloud-download
span download inspec 3.0
a.button.btn-lg.btn-white-o.shadow-dark.mobile-row-btn href="/tutorials" browse tutorials
a class="github-button" href="https://github.com/chef/inspec" data-size="large" data-show-count="true" aria-label="Star chef/inspec on GitHub" Star
.large-5.medium-5.columns.relative.mobile-hide
/! diamond image
img.diamond src="/images/home/diamond.png" alt="image of diamond"/
img.grid-animate.fit.z-20 src="/images/home/web.svg" onerror="this.src='/images/home/web.png'" alt="image of grid"/
/! announcement
.row.columns
.box-white.shadow.z-20.slide-left
h3.large-11.medium-11 Announcing InSpec 3.0
p.large-11.medium-11 Plugin system, global attributes, enchanced skip messaging, and more.
#expand
.margin-top-sm.brdr-left.large-11.medium-11
.margin-left-sm
h4.t-purple core
p New plugin system for InSpec CLI and Train
p Enhanced "only_if" skip messaging
p Unsupported profiles are now hidden from output
p Attributes are now specified in <a href="/docs/reference/profiles/">inspec.yml</a>
p Text based severity (e.g. "impact 'low'" )
p Tons of security/bug fixes and improvements
.margin-top-sm.brdr-left.large-11.medium-11
.margin-left-sm
h4.t-purple cloud
p
| New <a href="http://www.inspec.io/docs/reference/resources/#azure-resources">Azure</a> and <a href="/docs/reference/resources/#gcp-resources">GCP resources</a>
p Support for VMware ESXi via PowerCLI (Even on Linux!)
.margin-top-xs
a#expandBtn Show all new features
/! canvas elements
#particles-js.particles
canvas.particles-js-canvas-el /
/! Get started
.margin-both
.row.relative
.columns
hr
small.t-gray How InSpec works
h2.txt-margin Get started with InSpec in 3 simple steps
hr
.large-5.medium-5.columns.blue-grid.mobile-hide
img.grid-animate.fit src="/images/community/blue-web.svg" onerror="this.src='/images/community/blue-web.png'" alt="image of grid"
.margin-top-sm
.row.align.mobile-row
.large-6.medium-6.mobile-12.columns
.flex.align
.num-container
h3.t-purple 1
.block.margin-left-sm
h4.t-purple write the test
p Create simple Ruby-based tests to verify your expected state against the current state of your systems.
.large-6.medium-6.mobile-12.columns
.flex.align.slide-right
.tooltip-triangle
.box-dark.box-scroll.tip.shadow
pre.slide-up-slow.animate-delay-10
code control 'example-1.0' do
code impact 0.9
code title 'Ensure login disabled'
code desc 'An optional description...'
code describe sshd_config do
code its('PermitRootLogin') {
code should_not cmp 'yes'
code }
code end
code end
.margin-top-xs
.row.align.mobile-row
.large-6.medium-6.mobile-12.columns
.flex.align
.num-container
h3.t-purple 2
.block.margin-left-sm
h4.t-purple run the test
p Execute your test against your target system locally or remotely with one simple command.
.large-6.medium-6.mobile-12.columns
.flex.align.slide-right
.tooltip-triangle
.box-dark.tip.shadow
pre
code $ inspec exec linux-baseline
.margin-top-xs
.row.align.mobile-row
.large-6.medium-6.mobile-12.columns
.flex.align
.num-container
h3.t-purple 3
.block.margin-left-sm
h4.t-purple See the results
p See which tests failed, passed and skipped and the expected state against the current state of your target system, in one simple output.
.large-6.medium-6.mobile-12.columns
.flex.align.slide-right
.tooltip-triangle
.box-dark.box-scroll.tip.shadow
pre.slide-up-slow.animate-delay-20
code Profile: InSpec Profile (example_profile)
code Version: 0.1.0
code Target: local://
br
code ✔ example-1.0: Ensure root login is disabled via SSH
code ✔ SSHD Configuration PermitRootLogin should not cmp == "yes"
br
code Profile Summary: 1 successful control, 0 control failures, 0 controls skipped
code Test Summary: 1 successful, 0 failures, 0 skipped
/! how it works
.row.relative.margin-under-sm
.columns.strict-center
hr.center
small.t-gray Features of InSpec
h2.txt-margin InSpec is compliance by design
hr.center
.row.strict-center.mobile-row
.large-6.medium-6.columns.mobile-12.margin-under-xs
.box-white.shadow.strict-center.fit-height.relative.slide-up
img.icon-art.margin-under-xs src="/images/home/platform.svg" onerror="this.src='/images/home/platform.png'" alt="image for InSpec platform support"/
h4.t-purple Platform Agnostic
p
| InSpec supports all major operating systems and is platform agnostic, allowing you the freedom to run compliance and security tests anywhere.
a title="Linux, Windows/Azure, Mac, Ubuntu, Docker, AWS, VMware, RedHat"
img.icon-logos src="/images/home/platform-logos.svg" onerror="this.src='/images/home/platform-logos.png'" alt="logos for Linux, Windows/Azure, Mac, Ubuntu, Docker container, AWS, VMware"/
.triangle-right
.large-6.medium-6.columns.mobile-12.margin-under-xs
.box-white.shadow.strict-center.fit-height.relative.slide-up
img.icon-art.margin-under-xs src="/images/home/test.svg" onerror="this.src='/images/home/test.png'" alt="image for InSpec remote and local testing"/
h4.t-purple Test locally or remotely
p
| InSpec provides a local agent for host-based assessments, as well as full remote testing support via SSH and WinRM.
a title="SSH, WinRM"
img.icon-logos src="/images/home/test-logos.svg" onerror="this.src='/images/home/test-logos.png'" alt="logos for SSH and WinRM" /
.triangle-right
.row.strict-center.mobile-row
.large-6.medium-6.mobile-12.columns.margin-under-xs
.box-white.shadow.strict-center.fit-height.relative.slide-up
img.icon-art.margin-under-xs src="/images/home/run.svg" onerror="this.src='/images/home/run.png'" alt="image for InSpec freedom"/
h4.t-purple Free to run anywhere
p
| InSpec is an open-source language that can easily express compliance as code, with the freedom to run anywhere.
.triangle-right
.large-6.medium-6.mobile-12.columns.margin-under-xs
.box-white.shadow.strict-center.fit-height.relative.slide-up
img.icon-art.margin-under-xs src="/images/home/extensible.svg" onerror="this.src='/images/home/extensible.png'" alt="image for InSpec's extensible language" /
h4.t-purple Extensible language
p
| Easily extend the InSpec language to cover new operating systems, devices, or applications.
.triangle-right
/! use cases
.bg-gradient.margin-top
.pad-both.relative
#particles-second
canvas.particles-js-canvas-el
.slider
.row
.columns.selectors.mobile-hide.z-20
a.button.btn-lg.btn-slider.shadow-dark for Compliance
a.button.btn-lg.btn-slider.shadow-dark for Infrastructure
a.button.btn-lg.btn-slider.shadow-dark for Provisioning
.columns.selectors.slider-selectors.mobile-show.z-20
a.button.btn-lg.btn-slider.shadow-dark Compliance
a.button.btn-lg.btn-slider.shadow-dark Infrastructure
a.button.btn-lg.btn-slider.shadow-dark Provisioning
.view
.row
.large-7.medium-7.mobile-12.columns
h2.t-white.margin-both-sm
| Transform your compliance and security requirements into simple code
.row.mobile-row
.large-6.medium-6.mobile-12.columns.mobile-row
.box-white.shadow-dark.fit-height.z-20
.block.margin-both-xs
h4.t-purple Codify agreements
p Combine profiles and customize them with overlays. Pick controls and define exceptions as code.
.block.margin-under-xs
h4.t-purple Add context to your tests
p Utilize many fields like descriptions, tags, and impact.
.block
h4.t-purple Apply to all systems
p Analyze everything using the same codified profiles and controls.
.large-6.medium-6.mobile-12.columns
.box-dark.shadow-dark.fit-height.z-20
pre.t-white.align-vertical-50
code control 'sshd-21' do
code title 'Set SSH Protocol to 2'
code desc 'A detailed description'
code impact 1.0 # This is critical ref 'compliance guide, section 2.1'
code describe sshd_config do
code its('Protocol') { should cmp 2 }
code end
code end
.view
.row
.large-7.medium-7.mobile-12.columns
h2.t-white.margin-both-sm
| Solve your infrastructure testing needs simply and efficiently
.row.mobile-row
.large-6.medium-6.mobile-12.columns.mobile-row
.box-white.shadow-dark.fit-height.z-20
.block.margin-both-xs
h4.t-purple Test the desired state
p Verify the current desired state of your apps and infrastructure according to the code you write.
.block.margin-under-xs
h4.t-purple HUMAN-READABLE CODE
p Reduce friction by writing tests that are easy to understand by anyone.
.block
h4.t-purple Extensible
p Create custom resources with ease and share them easily with others.
.large-6.medium-6.mobile-12.columns
.box-dark.shadow-dark.fit-height.z-20
pre.t-white.align-vertical-50
code describe file('/etc/myapp.conf') do
code it { should exist }
code its('mode') { should cmp 0644 }
code end
br
code describe apache_conf do
code its('Listen') { should cmp 8080 }
code end
br
code describe port(8080) do
code it { should be_listening }
code end
.view
.row
.large-7.medium-7.mobile-12.columns
h2.t-white.margin-both-sm
| Verify provisioning to cloud providers
.row.mobile-row
.large-6.medium-6.mobile-12.columns.mobile-row
.box-white.shadow-dark.fit-height.z-20
.block.margin-both-xs
h4.t-purple Test AWS and Azure configuration
p Verify all necessary settings of your favorite public cloud providers.
.block.margin-under-xs
h4.t-purple Test provisioners
p InSpec can be used in combination with Cloudformation, Azure resource manager templates and Terraform.
.block
h4.t-purple Verify security configuration
p Ensure that your cloud deployments are not open to malicious attacks due to misconfiguration.
.large-6.medium-6.mobile-12.columns
.box-dark.shadow-dark.fit-height.z-20
pre.t-white.align-vertical-50
code describe aws_s3_bucket(bucket_name: 'my_secret_files') do
code it { should exist }
code it { should_not be_public }
code end
br
code describe aws_iam_user(username: 'test_user') do
code it { should have_mfa_enabled }
code it { should_not have_console_password }
code end
.scrollToTop.shadow-dark
img#scrollup src="/images/home/arrow.svg" onerror="this.src='/images/home/arrow.png'" alt="image of scroll to top arrow"
Reference in a new issue View git blame Copy permalink