InSpec is an open source testing framework for infrastructure with a human- and machine-readable language for specifying compliance, security, and policy requirements. Using a combination of command-line and remote-execution tools, InSpec can help you keep your infrastructure aligned with security and compliance guidelines on an ongoing basis, rather than waiting for and then remediating from arduous annual audits. InSpec’s flexibility makes it a key tool choice for incorporating security into a complete continuous delivery workflow, reducing the risk of new features and releases breaking established host-based security guidelines.
This workshop covers the basics of working with InSpec. We will import and use community provided security profiles, create new controls and profiles, and work with InSpec’s tooling for integration with workflow tools. If time allows, we will also look at InSpec support for testing objects in AWS and other features.