How InSpec Works
InSpec is an open-source testing framework for infrastructure with a human-readable language for specifying compliance, security and other policy requirements. When compliance is code, you can integrate automated tests that check for adherence to policy into any stage of your deployment pipeline.
Understandable
Ensure that insecure services and protocols, such as telnet, are not used.
Declarative
Ensure that web servers are only listening on well-secured ports, for example, to meet PCI DSS encryption requirements.
Unambiguous
Add metadata to help communicate requirements to all team members. Development, operations, compliance and security, all have access to compliance rules.