{"id":28481475,"url":"https://github.com/dev-sec/openstack-baseline","last_synced_at":"2025-09-05T22:39:04.311Z","repository":{"id":43093387,"uuid":"46383654","full_name":"dev-sec/openstack-baseline","owner":"dev-sec","description":"Use InSpec to run through the configurations from the OpenStack Security Guide.","archived":false,"fork":false,"pushed_at":"2024-08-07T23:46:49.000Z","size":93,"stargazers_count":18,"open_issues_count":2,"forks_count":15,"subscribers_count":12,"default_branch":"master","last_synced_at":"2025-07-04T19:39:59.265Z","etag":null,"topics":["inspec"],"latest_commit_sha":null,"homepage":null,"language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dev-sec.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.MD","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2015-11-18T00:06:05.000Z","updated_at":"2024-01-12T18:06:24.000Z","dependencies_parsed_at":"2025-07-04T19:34:30.485Z","dependency_job_id":"9c9ca361-bae3-47be-8643-8571a8c3549d","html_url":"https://github.com/dev-sec/openstack-baseline","commit_stats":null,"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"purl":"pkg:github/dev-sec/openstack-baseline","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dev-sec%2Fopenstack-baseline","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dev-sec%2Fopenstack-baseline/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dev-sec%2Fopenstack-baseline/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dev-sec%2Fopenstack-baseline/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dev-sec","download_url":"https://codeload.github.com/dev-sec/openstack-baseline/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dev-sec%2Fopenstack-baseline/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":273832805,"owners_count":25176267,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-05T02:00:09.113Z","response_time":402,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["inspec"],"created_at":"2025-06-07T20:07:29.036Z","updated_at":"2025-09-05T22:39:04.284Z","avatar_url":"https://github.com/dev-sec.png","language":"Ruby","funding_links":[],"categories":[],"sub_categories":[],"readme":"# InSpec Compliance for the OpenStack Security Guide\n\nThis is a collection of [InSpec](http://inspec.io) scripts to check compliance against the [OpenStack Security Guide](http://docs.openstack.org/security-guide/).\n\nThe control checklists for Keystone, Horizon, Cinder, Nova and Neutron are implemented based on OpenStack Mitaka and beyond configuration standards.\n\nSome control implementation exists for Swift and Manila, but has not been tested.\n\nBeta-level controls exist for Glance. These controls are inspired by those currently recommended in the OpenStack Security Guide for Cinder.\n\n## Installation\n\n```shell\ngit clone git@github.com:chef-partners/inspec-openstack-security.git\ncd inspec-openstack-security\nbundle install\n```\n\n## Run tests locally\n\n```shell\nbundle exec inspec exec .\n```\n\n## Run tests against remote host(s)\n\nNote that the controls can only be run against a single host until\nhttps://github.com/chef/inspec/issues/268 is closed.\n\nIf your OpenStack control plane consists of multiple hosts, you'll need to\nrun InSpec against each host separately.\n\n```shell\nbundle exec inspec exec . -t ssh://user@hostname\n```\n\n## Run controls for a particular service\n\n### Identity controls\n\n```shell\nbundle exec inspec exec . \\\n  --controls check-identity-01 check-identity-02 \\\n    check-identity-03 check-identity-04 \\\n    check-identity-05 check-identity-06\n```\n\n### Dashboard controls\n\n```shell\nbundle exec inspec exec . \\\n  --controls check-dashboard-01 check-dashboard-02 \\\n    check-dashboard-03 check-dashboard-04 \\\n    check-dashboard-05 check-dashboard-06 \\\n    check-dashboard-07 check-dashboard-08 \\\n    check-dashboard-09 check-dashboard-10 \\\n    check-dashboard-11\n```\n\n### Block Storage controls\n\n```shell\nbundle exec inspec exec . \\\n  --controls check-block-01 check-block-02 \\\n    check-block-03 check-block-04 \\\n    check-block-05 check-block-06 \\\n    check-block-07 check-block-08\n```\n\n### Compute controls\n\n```shell\nbundle exec inspec exec . \\\n  --controls check-compute-01 check-compute-02 \\\n    check-compute-03 check-compute-04 \\\n    check-compute-05\n```\n\n### Network controls\n\n```shell\nbundle exec inspec exec . \\\n  --controls check-neutron-01 check-neutron-02 \\\n    check-neutron-03 check-neutron-04 \\\n    check-neutron-05\n```\n\n### Image controls\n\n```shell\nbundle exec inspec exec . \\\n  --controls check-image-01 check-image-02 \\\n    check-image-03 check-image-04\n```\n\n### Orchestration controls\n```shell\nbundle exec inspec exec . \\\n  --controls check-orchestration-01 check-orchestration-02 \\\n    check-orchestration-03 --attrs attributes.yml\n```\n\nattributes.yml has the following contents\n```yaml\nheat_enabled: true\n```\n\n### Telemetry and Telemetry Alarming controls\n\n```shell\ninspec exec . --controls check-telemetry-01 check-telemetry-02 \\\n                check-telemetry-03 check-telemetry-04 \\\n                check-telemetry-alarming-01 check-telemetry-alarming-02 \\\n                check-telemetry-alarming-03 \\\n                --attrs attributes.yml\n```\n\nattributes.yml has the following contents\n```yaml\nceilometer_enabled: true\naodh_enabled: true\n```\n\n# License\n\nApache 2\n\n## License \u0026 Authors\n\n- Author: JJ Asghar ([jj@chef.io](mailto:jj@chef.io))\n\n```text\nCopyright:: 2015-2017, Chef Software, Inc\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n    http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdev-sec%2Fopenstack-baseline","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdev-sec%2Fopenstack-baseline","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdev-sec%2Fopenstack-baseline/lists"}