Chef Announces InSpec 2.0
February 20, 2018

Chef announced InSpec 2.0, a compliance automation solution that accelerates DevSecOps by allowing cross-functional application, infrastructure and security teams to assess and remediate compliance issues from development through the entire software delivery lifecycle.

InSpec 2.0 provides cloud configuration testing (including Microsoft Azure and AWS), more than 30 new conformance capabilities (including Docker, IIS, NGINX and PostgreSQL), enhanced integration with third-party tools and improved ease-of-use and customizability.

InSpec is the first step in Chef’s "Detect, Correct, Automate" approach to cloud migration and continuous automation. It helps organizations maintain an up-to-date view of compliance status in production, detect security issues long before they reach production and reduce risk while delivering applications faster. An open-source framework for describing security and compliance rules that can be shared between software engineers, operations and security engineers, InSpec enables compliance at velocity at all stages of the software delivery process, from the developer’s workstation all the way to production, with no performance impact or side-effects. InSpec’s readability means it is easy to use and understand for all team members, including those whose roles involve minimal coding.

New Capabilities

- Cloud configuration compliance: InSpec 2.0 gives users the ability to write compliance rules against cloud resources, including AWS and Microsoft Azure, with user-defined custom compliance policies.

- Improved user experience: InSpec 2.0 contains more than 30 new resources, allowing users to write compliance rules for many common applications and configuration files without requiring any programming knowledge. These include Docker, security keys (RSA/DSA/x509), webserver (IIS/nginx/Apache) configurations, packages (both system as well as Perl/R/etc.), PostgreSQL and MySQL database configurations, XPath matching in XML config files, ZFS storage pool configurations and many more.

- New integrations: InSpec results can now be exported as JUnit format for integration into continuous delivery tools such as Jenkins and can pull compliance profiles from Chef Automate. Previously-announced integration with Amazon Systems Manager (SSM) provides a frictionless on-ramp to InSpec in the cloud.

- Improved performance: InSpec 2.0 runs 90 percent faster than InSpec 1.0 on Windows and 30 percent faster on Linux.

“InSpec 2.0 builds on our commitment to build the essential tools and services needed for modern application teams to truly deliver on the promise of DevSecOps, fully integrating security with development and deployment for traditional and cloud-native software delivery,” said Marc Holmes, VP of Marketing at Chef. “InSpec provides an easy-to-learn, open-source path to incorporating security and compliance requirements as code directly with the delivery process, ensuring that applications and infrastructure are compliant every step of the way -- not just at the end of the process.”

Share this

Industry News

October 03, 2022

Spectro Cloud announced a major new release of its Palette Edge platform.

October 03, 2022

Arcion announced agentless change data capture (CDC) for all of its supported databases and applications.

September 29, 2022

CloudBees announced the acquisition of ReleaseIQ to expand the company’s DevSecOps capabilities, empowering customers with a low-code, end-to-end release orchestration and visibility solution.

September 29, 2022

SmartBear continues expanding its commitment to the Atlassian Marketplace, adding Bugsnag for Jira and SwaggerHub Integration for Confluence.

Bugsnag developers monitoring application stability and documenting in Jira no longer need to interrupt their workflow to access the app. Developers working in SwaggerHub can use the macro to push API definitions and changes directly to other teams and business stakeholders that work within Confluence. By increasing the presence of SmartBear tools on the Atlassian Marketplace, the company continues meeting developers where they are.

September 29, 2022

Ox Security exited stealth today with $34M in funding led by Evolution Equity Partners, Team8, and M12, Microsoft's venture fund, with participation from Rain Capital.

September 29, 2022

cnvrg.io announced that the new Intel Developer Cloud is now available via the cnvrg.io Metacloud platform, providing a fully integrated software and hardware solution.

September 28, 2022

Kong introduced a number of new performance, security and extensibility features across its entire product portfolio, including major new releases of Kong Gateway, Kong Konnect, Kong Mesh, Kong Insomnia and Kong Ingress Controller, as well as new projects from the Kong Incubator.

September 28, 2022

BroadPeak Partners announced the availability of the new K3 API Connector.

September 28, 2022

Aqua Security announced a new end-to-end software supply chain security solution.

September 27, 2022

DevOps Institute will host SKILup Festival in Singapore on November 15, 2022.

September 27, 2022

Delinea announced the latest release of DevOps Secrets Vault, its high-speed vault for DevOps and DevSecOps teams.

September 27, 2022

The Apptainer community announced version 1.1.0 of the popular container system for secure, high-performance computing (HPC). Improvements in the new version provide a smaller attack surface for production deployments while offering features that improve and simplify the user experience.

September 26, 2022

Secure Code Warrior unveiled Coding Labs, a new mechanism that allows developers to more easily move from learning to applying secure coding knowledge, leading to fewer vulnerabilities in code.

September 26, 2022

ActiveState announced the availability of the ActiveState Artifact Repository.

September 26, 2022

Split Software announced the availability of its Feature Data Platform in the Microsoft Azure Marketplace.