Chef Announces InSpec 2.0
February 20, 2018

Chef announced InSpec 2.0, a compliance automation solution that accelerates DevSecOps by allowing cross-functional application, infrastructure and security teams to assess and remediate compliance issues from development through the entire software delivery lifecycle.

InSpec 2.0 provides cloud configuration testing (including Microsoft Azure and AWS), more than 30 new conformance capabilities (including Docker, IIS, NGINX and PostgreSQL), enhanced integration with third-party tools and improved ease-of-use and customizability.

InSpec is the first step in Chef’s "Detect, Correct, Automate" approach to cloud migration and continuous automation. It helps organizations maintain an up-to-date view of compliance status in production, detect security issues long before they reach production and reduce risk while delivering applications faster. An open-source framework for describing security and compliance rules that can be shared between software engineers, operations and security engineers, InSpec enables compliance at velocity at all stages of the software delivery process, from the developer’s workstation all the way to production, with no performance impact or side-effects. InSpec’s readability means it is easy to use and understand for all team members, including those whose roles involve minimal coding.

New Capabilities

- Cloud configuration compliance: InSpec 2.0 gives users the ability to write compliance rules against cloud resources, including AWS and Microsoft Azure, with user-defined custom compliance policies.

- Improved user experience: InSpec 2.0 contains more than 30 new resources, allowing users to write compliance rules for many common applications and configuration files without requiring any programming knowledge. These include Docker, security keys (RSA/DSA/x509), webserver (IIS/nginx/Apache) configurations, packages (both system as well as Perl/R/etc.), PostgreSQL and MySQL database configurations, XPath matching in XML config files, ZFS storage pool configurations and many more.

- New integrations: InSpec results can now be exported as JUnit format for integration into continuous delivery tools such as Jenkins and can pull compliance profiles from Chef Automate. Previously-announced integration with Amazon Systems Manager (SSM) provides a frictionless on-ramp to InSpec in the cloud.

- Improved performance: InSpec 2.0 runs 90 percent faster than InSpec 1.0 on Windows and 30 percent faster on Linux.

“InSpec 2.0 builds on our commitment to build the essential tools and services needed for modern application teams to truly deliver on the promise of DevSecOps, fully integrating security with development and deployment for traditional and cloud-native software delivery,” said Marc Holmes, VP of Marketing at Chef. “InSpec provides an easy-to-learn, open-source path to incorporating security and compliance requirements as code directly with the delivery process, ensuring that applications and infrastructure are compliant every step of the way -- not just at the end of the process.”

Share this

Industry News

March 27, 2024

WaveMaker has updated its platform in response to customer demand for more sophisticated API and code management tools.

March 27, 2024

Vercara announced the launch of UltraAPI™, a product suite that protects APIs and web applications from malicious bots and fraudulent activity while ensuring regulatory compliance.

March 27, 2024

Legit Security announced the launch of its standalone enterprise secrets scanning product, which can detect, remediate, and prevent secrets exposure across the software development pipeline.

March 26, 2024

Progress announced a strategic partnership with Veeam® Software, the #1 leader by market share in Data Protection and Ransomware Recovery, to provide customers with an enterprise-ready cyber defense solution that strengthens the security of their business-critical data.

March 26, 2024

GitGuardian released its Software Composition Analysis (SCA) module.

March 26, 2024

DataStax announced a milestone in its journey to simplify enterprise retrieval-augmented generation (RAG) for developers by integrating with Microsoft Semantic Kernel.

March 25, 2024

Check Point® Software Technologies Ltd. is collaborating with NVIDIA to enhance the security of AI cloud infrastructure. Integrating NVIDIA BlueField DPUs, which feature a broad range of purpose-built, innovative security capabilities, the new Check Point AI Cloud Protect solution will help prevent threats at both the network and host levels.

March 25, 2024

Sentry announced the release of Autofix, an AI-powered feature to debug and fix code in minutes, saving important time and resources.

March 25, 2024

Apiiro announced a product integration and partnership with Secure Code Warrior, the agile developer security training platform, to extend its ASPM technology and processes to the people layer.

March 21, 2024

Progress announced that Progress® Semaphore™, its metadata management and semantic AI platform, was named a Champion in SoftwareReviews’ 2024 Metadata Management Emotional Footprint Awards.

March 21, 2024

The Cloud Native Computing Foundation® (CNCF®) has partnered with Udemy, an online skills marketplace and learning platform.

March 21, 2024

GitLab has acquired Oxeye, the provider of a cloud-native application security and risk management solution.

March 21, 2024

GitHub announced that code scanning autofix, powered by GitHub Copilot and CodeQL, is available in public beta for all GitHub Advanced Security (GHAS) customers.

March 21, 2024

NetApp is collaborating with NVIDIA to advance retrieval-augmented generation (RAG) for generative AI applications.

March 21, 2024

CalypsoAI launched the CalypsoAI Platform, an advanced SaaS-based security and enablement solution for generative AI applications within the enterprise.