Velocity requires safety. Without it, being fast can do more harm than good. Security and compliance are non-negotiables for every enterprise. Use InSpec to express compliance as code and find problems early, before they slow you down.

How InSpec Works

InSpec is an open-source testing framework for infrastructure with a human-readable language for specifying compliance, security and other policy requirements. When compliance is code, you can integrate automated tests that check for adherence to policy into any stage of your deployment pipeline.

Understandable

Ensure that insecure services and protocols, such as telnet, are not used.

Declarative

Ensure that web servers are only listening on well-secured ports, for example, to meet PCI DSS encryption requirements.

Unambiguous

Add metadata to help communicate requirements to all team members. Development, operations, compliance and security, all have access to compliance rules.

Turn Your Compliance and Security Requirements Into Simple Code

Clearly Express Statements of Policy

When compliance is code, rules are unambiguous and can be understood by everyone on the team. Replace spreadsheets filled with abstract descriptions with tangible tests that have a clear intent.

Find Issues Early

Automated compliance tests can start at the beginning of the development cycle. You'll detect any issues well before your code goes into production, when problems are expensive and time consuming to fix.

Write Tests Quickly

The InSpec language includes a collection of resources that help you write audit controls quickly and easily. You can also create custom resources for your own particular situations.

Run Tests Anywhere

InSpec code runs on multiple platforms, including Linux, Windows and others. InSpec can be invoked by the Chef client or, in agentless mode, by using SSH, WinRM, or Docker access.

Inspect Machines, Data, and APIs

Your applications rely on more than just server configurations. With InSpec, you can assess data in a database or inspect the configuration of virtual resources by using their API.

Iterate and Fix Problems Quickly

When compliance is code, it becomes part of your development workflow. Detection and remediation of compliance failures has never been easier.

Learn How Enterprises Achieve Compliance at Velocity

Download the Whitepaper

Compliance for the Enterprise

Achieve Compliance at Velocity: InSpec + Chef Automate

Chef Automate builds on InSpec to give an enterprise everything it needs for compliance at velocity. Customizable reports identify compliance issues. Built-in rule sets let you immediately start testing for compliance. Deploy your software quickly, safely and reliably, even when there are multiple teams working on complex projects. With Chef Automate there's no tradeoff between speed and control.

Learn More about Chef Automate