The makers of Chef Software have made a new release on their other product, the long-awaited InSpec 3.0. The last major upgrade of the software was back in February. Statistics show that it has had over 49270 times since that last upgrade. The number is likely to rise for the latest version, thanks to the many new resources that have been added. The release comes with usability improvements, bug fixes, and more platform support.
Plugins and integrations
InSpec 3.0 has extended capabilities which are brought about by the fact that you can install plugins. You can choose to create your own plugins or search for ones already created.
The two varieties of the plugins are InSpec plugins and InSpec platform plugins. The former offers new InSpec CLI functionality, which adds new commands. The latter enhances the ability of InSpec to communicate with API endpoints and targets.
Improvements in ease of use
Controls that are not relevant to a specific system can be conditionally skipped without necessitating application permutations or unique server profiles.
With the previous releases, it was quite difficult to determine the reasons as to why a control was skipped without having to scrutinize the source code. The current InSpec gives each constraint a descriptive message, which is directly displayed for quick and easy validation.
Multiple descriptions for control
You can have many description fields when creating the controls, which gives additional context for the rule that is being evaluated.
In addition to that, you can now give the desc parameter two arguments. The first one will be used as a header when Chef Automate is rendered and the second one used as its content. Users can, therefore, provide descriptions that are more categorized and detailed for each evaluated control.
The impact parameter defines the severity of each control, ranging from minor to critical. A user has an alternative to defining impact as low, medium, high, or critical.
Features of InSpec 3.0
A provisioner Terraform plugin allows for execution of InSpec while Terraform is running, to validate the state of cloud infrastructure and virtual machines in a seamless operation. InSpec now provides InSpec-Iggy, enabling the generation of compliance controls from Terraform state file.
Google cloud platform compliance
The new plugin architecture helps to extend its capabilities of cloud compliance. The premium content of InSpec in Chef Automate allows users to get started quickly, ensuring compliance across the infrastructure and applications. Chef has been certified by CIS as the first vendor of compliance automation implementing CIS GCP benchmark.
The improvements made to the profiles packaging mechanism allows the developers to iterate on InSpec profiles more easily and with dependencies.
The new release introduces a description interface, which is key-value based. This allows for better reporting and controls de-duplication, satisfying more compliance regimes. Users can, therefore, create metadata categories that are customized.
The plugin architecture of InSpec 3.0 supports more communication protocols, extending it to a variety of frameworks beyond the Chef Software. It makes it a lot easier to describe new resources which can be tested and offers a stable API, enabling DevOps teams to modify the way tests are conducted. It increases the velocity of compliance audits as well as reduces the risk for DevOps teams.
Maybe you'll find this white paper interesting: