Chef, the leading Continuous Automation technology provider, announced InSpec 2.0, which will enable DevOps to automate all the tests for compliance, security, and other policy requirements.
The InSpec 1.0 was about setting up the applications properly for machines. With the version 2.0, users can test cloud resources as well for compliance, by directly connecting to APIs of cloud providers.
It will now address the cloud security issues like the one happened last year when many popular apps and websites went down with AWS experiencing issues with its S3 cloud storage services.
InSpec 2.0 currently supports Microsoft Azure and Amazon Web Services, and comes with more than 30 configurations including Docker, IIS, NGINX and PostgreSQL, for testing of common system and application configurations. Developers can use InSpec to detect common security problems like checking for insecure AWS S3 buckets.
“InSpec 2.0 builds on our commitment to build the essential tools and services needed for modern application teams to truly deliver on the promise of DevSecOps, fully integrating security with development and deployment for traditional and cloud-native software delivery,” said Marc Holmes, VP of marketing at Chef. “InSpec provides an easy-to-learn, open-source path to incorporating security and compliance requirements as code directly with the delivery process, ensuring that applications and infrastructure are compliant every step of the way — not just at the end of the process.”
The latest version of Chef’s open source project builds continuous compliance throughout the entire software delivery lifecycle, from the workstation of developer to production. The process includes exchange of spreadsheets, doc files, PDFs, and making them easy-to-read and easy-to-use code.
It will help software engineers, operation teams, and security engineers to achieve continuous compliance with no impact on performance.
Also read: Top 12 open source tools for sysadmins in 2018
Chef InSpec 2.0 is also the first step towards “Detect, Correct, Automate” approach for detection and correction of security and compliance issues in production.