Questions tagged [inspec]

For questions about InSpec, a Ruby-based open-source testing framework for testing and auditing applications and infrastructure.

From InSpec Documentation:

InSpec is a free and open-source framework for testing and auditing your applications and infrastructure. InSpec works by comparing the actual state of your system with the desired state that you express in easy-to-read and easy-to-write InSpec code. InSpec detects violations and displays findings in the form of a report, but puts you in control of remediation.

Website: InSpec

6 questions

votes

1 answer

Condition to skip a test when running in a container

I'm writing an Inspec profile which has a specific control that I want to skip if the control is running inside a docker container. This looks like: control 'ssh daemon' do impact 'critical' only_if('not in docker') do condition_expression …

docker inspec

asked Mar 03 '20 at 07:55

Bruce Becker

3,783
4
20
41

votes

1 answer

Inspec tests conditional on OS version

What is the idiomatic way to tell Inspec to run test X on OS version A and test Y on OS version B? I'm aware of the technique of dumping the Chef node object to a JSON file in /tmp but that isn't doing it for me as that runs within the Test Kitchen…

chef virtualbox inspec

asked Sep 23 '18 at 14:58

Gaius

1,096
10
18

votes

1 answer

How do I run the InSpec using a wrapper profile?

This blog post describes wrapper profiles in detail: https://blog.chef.io/2017/07/06/understanding-inspec-profile-inheritance/ At the very end of the post, it references a Git repo that contains an example of using a wrapper…

chef inspec

asked Jul 02 '18 at 17:49

james.garriss

vote

1 answer

Inspec errors using https://github.com/dev-sec/linux-baseline

I am running the following command inspec exec https://github.com/dev-sec/linux-baseline -t ssh://ubuntu@10.0.1.22 -i ~/.ssh/id_rsa --sudo And I am getting failures for Check login.defs (4 failed) All these params look like they should…

inspec

asked Aug 15 '20 at 21:36

CLJ

votes

1 answer

How to have Kitchen CI run a script on success?

I've got a Chef repo that uses test-kitchen. I have a pretty good battery of tests, and when I run the tests and they're successful, I have a vendor.sh script that does some cleanup and a Berks vendor. What I'd like to be able to do is automatically…

chef inspec

asked Oct 05 '19 at 16:29

Chaim Eliyah

votes

1 answer

Why won't InSpec admit that port 5432 is listening inside a PostgreSQL container?

Background I'm trying to test a PostgreSQL container with InSpec 2.1.10, but I cannot get a simple port check to return true, even though Docker, netstat, and psql all report that the port is properly mapped. While it's possible this is a bug in…

docker ports inspec postgresql alpine

asked Mar 27 '18 at 01:25

CodeGnome