Additional Info

Company: Chef Software
Website: http://chef.io
Company size (employees): 100 to 499
Type of solution: Software

Overview

Launched in November 2017, InSpec is the first step in Chef’s “detect, correct, automate” approach to cloud migration and continuous automation. It helps organizations maintain an up-to-date view of compliance status in production, detect security issues long before they reach production and reduce risk while delivering applications faster. It is an open-source testing framework for infrastructure, with a human-readable language for specifying compliance, security and other policy requirements.

InSpec can replace spreadsheets and abstract descriptions with tangible tests that have clear intent. It finds issues early with automated compliance tests that can start at the beginning of the development cycle. Users can detect issues well before their code goes into production, where problems are expensive and time-consuming to fix. InSpec is part of Chef’s continuous automation platform, which is powered by an open source community of more than 70,000 active contributors. It can support any environment, from applications that run on bare metal in the data center to container-based microservices in the cloud. Additionally, through InSpec, companies can test large-scale environments for compliance while still moving at velocity.

InSpec has released two new versions since its launch to add capabilities for its users. In February 2018, Chef launched InSpec 2.0, which included cloud configuration testing (including Microsoft Azure and AWS), more than 30 new conformance capabilities (including Docker, IIS, NGINX and PostgreSQL), enhanced integration with third-party tools and improved ease of use and customizability. In October 2018, Chef announced the latest version, InSpec 3.0, with significant updates to the platform, including a new plugin architecture, greatly improved ease of use, improved exception management and automated compliance for Terraform. InSpec 3.0 greatly increases the velocity of compliance audits and remediation, while reducing risk for cross-functional security, development and operations (DevSecOps) teams and their organizations.

How we are different

* InSpec uniquely bridges the gap between application development and information security by aligning both postures into a code-driven process. Teams can easily integrate these automated tests into any stage of their deployment pipeline, helping them identify issues during development and not after the fact. The resulting compliance profile can be shared across an organization as human-readable, versionable, executable code.


* Using InSpec with Chef Automate gives InfoSec teams additional mechanisms that can account for compliance test coverage, provide audit visibility, allow for separation of duties, and remediate compliance violations quickly. This ensures that separate checks originating from different teams still occur, but from one central location, so that barriers to collaboration between developers and InfoSec are still lowered.


* Customer testimonials:
“InSpec 3.0 gives everyone confidence that we can automatically deploy and maintain infrastructure-as-code in a transparent, repeatable and secure way. And, due to the human-readable way InSpec code is written, we’ve had success getting buy-in from the non-technical decision makers, which has been crucial in supporting our transformation efforts.” – Hans Nesbitt, Cloud Engineer for Pacific Life


“With InSpec as an integral part of our pipeline, we can automatically test for security and compliance throughout the development process… The detailed visibility into our systems that InSpec provides enables us to drive towards an Automated ATO (Authority to Operate), or approval to push live. This accelerates how we deliver mission capabilities to our citizens and service members while adhering to our security requirements.” – Keith Walters, Director of Partner Solutions for TapHere! Technology.

“With InSpec, you have a real-time view of how you’re performing. When you come to that audit exam you already know if you’re passing or not. In fact, the event of the audit is a simple step of printing the output.” – John Williams, CTO for NIU Solutions