What is InSpec 2.0
InSpec is an open-source project from the software company, Chef. It has been designed to allow for business to define security and compliance requirements in the form of code, so that they may be incorporated into other existing programs. This increases business efficiency, by allowing them to ship faster without any loss in security.
InSpec 2.0, is the latest version. It follows advancements that have been made into the realm of cloud computing. In recent years, the cloud has become a more and more common space for both computing and storage. As such, existing programs such as InSpec need to adapt to incorporate the new functionality required by these changes.
What has Changed
InSpec was originally designed to test whether or not machines were following the standards set by the company using it. The new version can connect directly to the APIs of cloud providers, and check whether or not the resources contained within are compliant.
It has been created in such a way as to make the code as easy to parse as possible. This means that minimal training is required to teach people how it works, whether it looking for the right things, and whether or not it is functioning correctly.
How to get Started with InSpec 2.0
The first resource that should be looked at, is a >tutorial created by Chef. This explains how to use InSpec 2.0, within the context of checking attributes in an Amazon Web Service virtual machine.
Since this is an update, it assumes some prior knowledge on behalf of the user. For instance, it assumes the user knows how to create a virtual machine using the Amazon Web Service console. There is also a tutorial that teaches how to do that, too.
As well as a tutorial, this update is accompanied by extensive documentation. There are also plans to provide additional learning material through the learn Chef rally that will contain material on how to use the software with cloud resources on both Amazon Web Services, and Microsoft Azure.
In addition to the learning materials, there are 30 more resources for the purpose of testing existing systems. This is intended to help make the new software fit into existing systems as easily as possible. There are checks for common application and system configurations, allowing for rules to be written for platforms as diverse as SQL databases, Docker images, and others.