{"id":13533517,"url":"https://github.com/inspec/inspec","last_synced_at":"2026-02-23T17:27:44.808Z","repository":{"id":37840064,"uuid":"41571541","full_name":"inspec/inspec","owner":"inspec","description":"InSpec: Auditing and Testing Framework","archived":false,"fork":false,"pushed_at":"2024-07-15T16:53:33.000Z","size":56310,"stargazers_count":2831,"open_issues_count":408,"forks_count":683,"subscribers_count":137,"default_branch":"main","last_synced_at":"2024-07-17T06:30:15.639Z","etag":null,"topics":["audit","compliance","devops","devsec","inspec","security","spec","tdd","tdd-utilities","testing"],"latest_commit_sha":null,"homepage":"http://inspec.io","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/inspec.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":"support/ci/deploy_website_to_acceptance.sh","governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2015-08-28T22:16:01.000Z","updated_at":"2024-07-17T06:30:49.005Z","dependencies_parsed_at":"2023-12-15T13:25:21.040Z","dependency_job_id":"e05b3acf-ecef-4fe3-ac08-0aabc952e2ef","html_url":"https://github.com/inspec/inspec","commit_stats":{"total_commits":9008,"total_committers":418,"mean_commits":"21.550239234449762","dds":0.8720026642984015,"last_synced_commit":"95c586afaa39d0e97fd0fd851cba037ae60e0b75"},"previous_names":["chef/inspec"],"tags_count":1861,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/inspec%2Finspec","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/inspec%2Finspec/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/inspec%2Finspec/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/inspec%2Finspec/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/inspec","download_url":"https://codeload.github.com/inspec/inspec/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246713459,"owners_count":20821893,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["audit","compliance","devops","devsec","inspec","security","spec","tdd","tdd-utilities","testing"],"created_at":"2024-08-01T07:01:20.610Z","updated_at":"2026-01-28T16:06:25.639Z","avatar_url":"https://github.com/inspec.png","language":"Ruby","readme":"# Chef InSpec: Inspect Your Infrastructure\n\n* **Project State: Active**\n* **Issues Response SLA: 14 business days**\n* **Pull Request Response SLA: 14 business days**\n\nFor more information on project states and SLAs, see [this documentation](https://github.com/chef/chef-oss-practices/blob/main/repo-management/repo-states.md).\n\n[![Slack](https://community-slack.chef.io/badge.svg)](https://community-slack.chef.io/)\n[![Build status](https://badge.buildkite.com/bf4c5fdc3858cc9f8c8bab8376e8e40d625ad046df9d4d8619.svg?branch=main)](https://buildkite.com/chef-oss/inspec-inspec-main-verify)\n[![Coverage Status](https://coveralls.io/repos/github/inspec/inspec/badge.svg?branch=main)](https://coveralls.io/github/inspec/inspec?branch=main)\n\nChef InSpec is an open-source testing framework for infrastructure with a human- and machine-readable language for specifying compliance, security and policy requirements.\n\n```ruby\n# Disallow insecure protocols by testing\n\ndescribe package('telnetd') do\n  it { should_not be_installed }\nend\n\ndescribe inetd_conf do\n  its(\"telnet\") { should eq nil }\nend\n```\n\nChef InSpec makes it easy to run your tests wherever you need. More options are found in our [CLI docs](https://docs.chef.io/inspec/cli/).\n\n```bash\n# run test locally\ninspec exec test.rb\n\n# run test on remote host via SSH\ninspec exec test.rb -t ssh://user@hostname -i /path/to/key\n\n# run test on remote host using SSH agent private key authentication. Requires Chef InSpec 1.7.1\ninspec exec test.rb -t ssh://user@hostname\n\n# run test on remote windows host via WinRM\ninspec exec test.rb -t winrm://Administrator@windowshost --password 'your-password'\n\n# run test on remote windows host via WinRM as a domain user\ninspec exec test.rb -t winrm://windowshost --user 'UserName@domain' --password 'your-password'\n\n# run test on docker container\ninspec exec test.rb -t docker://container_id\n```\n\n# Features\n\n- Built-in Compliance: Compliance no longer occurs at the end of the release cycle\n- Targeted Tests: Chef InSpec writes tests that specifically target compliance issues\n- Metadata: Includes the metadata required by security and compliance pros\n- Easy Testing: Includes a command-line interface to run tests quickly\n\n## Installation\n\nChef InSpec requires Ruby ( \u003e= 3.1.0 ).\n\nAll currently supported versions of Chef InSpec (5.0 and later) require accepting the EULA to use. Please visit the [license acceptance page](https://docs.chef.io/licensing/accept/) on the Chef docs site for more information.\n\n### Install as package\n\nThe Chef InSpec package is available for MacOS, RedHat, Ubuntu and Windows. Download the latest package at [Chef InSpec Downloads](https://www.chef.io/downloads/tools/inspec) or install Chef InSpec via script:\n\n```text\n# RedHat, Ubuntu, and macOS\ncurl https://chefdownload-commercial.chef.io/install.sh?license_id=\u003cLICENSE_ID\u003e | sudo bash -s -- -P inspec\n\n# Windows\n. { iwr -useb https://chefdownload-commercial.chef.io/install.ps1?license_id=\u003cLICENSE_ID\u003e } | iex; install -project inspec\n```\n\nReplace `\u003cLICENSE_ID\u003e` with your license ID.\n\nFor more information about the install scripts, see the [Chef Install Script documentation](/chef_install_script/).\n\n### Install it via rubygems.org\n\nInstalling Chef InSpec from source may require installing ruby build tools to manage gem dependencies. (A compiler-free variant is available with reduced functionality; use `inspec-core-bin` and `inspec-core`.)\n\nTo install build tools, use your package manager.\n\nFor CentOS/RedHat/Fedora:\n\n```bash\nyum -y install ruby ruby-devel make gcc gcc-c++\n```\n\nFor Ubuntu:\n\n```bash\napt-get -y install ruby ruby-dev gcc g++ make\n```\n\nTo install the `inspec` executable, which requires accepting the [Chef License](https://docs.chef.io/chef_license_accept.html), run:\n\n```bash\ngem install inspec-bin\n```\n\nYou may also use `inspec` as a library, with no executable. This does not require accepting the license. To install the library as a gem, run:\n\n```bash\ngem install inspec\n```\n\n### Usage via Docker\n\nDownload the image and define a function for convenience:\n\nFor Linux:\n\n```\ndocker pull chef/inspec\nfunction inspec { docker run -it --rm -v $(pwd):/share chef/inspec \"$@\"; }\n```\n\nFor Windows (PowerShell):\n\n```\ndocker pull chef/inspec\nfunction inspec { docker run -it --rm -v \"$(pwd):/share\" chef/inspec $args; }\n```\n\nIf you call `inspec` from your shell, it automatically mounts the current directory into the Docker container. Therefore you can easily use local tests and key files. Note: Only files in the current directory and sub-directories are available within the container.\n\n```\n$ ls -1\nvagrant\ntest.rb\n\n$ inspec exec test.rb -t ssh://root@192.168.64.2:11022 -i vagrant\n..\n\nFinished in 0.04321 seconds (files took 0.54917 seconds to load)\n2 examples, 0 failures\n```\n\nTo scan the docker containers running on the host using the containerized InSpec, we need to bind-mount the Unix socket `/var/run/docker.sock` from the host machine to the InSpec Container.\n\n```\ndocker pull chef/inspec\nfunction inspec { docker run -it --rm -v $(pwd):/share -v /var/run/docker.sock:/var/run/docker.sock chef/inspec \"$@\"; }\n```\n`/var/run/docker.sock` is the Unix socket the Docker daemon listens on by default.\n\n\n### Install it from source\n\nNote that installing from OS packages from [the download page](https://www.chef.io/downloads/tools/inspec) is the preferred method.\n\nThat requires [bundler](http://bundler.io/):\n\n```bash\nbundle install\nbundle exec inspec help\n```\n\nTo install it as a gem locally, run:\n\n```bash\ngem build inspec.gemspec\ngem install inspec-*.gem\n```\n\nOn Windows, you need to install [Ruby](http://rubyinstaller.org/downloads/) with [Ruby Development Kit](https://github.com/oneclick/rubyinstaller/wiki/Development-Kit) to build dependencies with its native extensions.\n\n### Install via Chef Habitat\n\nCurrently, this method of installation only supports Linux. See the [Chef Habitat site](https://www.habitat.sh/) for more information.\n\nDownload the `hab` binary from the [Chef Habitat](https://www.habitat.sh/docs/get-habitat/) site.\n\n```bash\nhab pkg install chef/inspec --binlink\n\ninspec\n```\n\n### Run Chef InSpec\n\nYou should now be able to run:\n\n```bash\n$ inspec --help\nCommands:\n inspec archive PATH # archive a profile to tar.gz (default) ...\n inspec check PATH # verify all tests at the specified PATH\n inspec automate SUBCOMMAND ... # Chef Automate commands\n inspec compliance SUBCOMMAND ... # Chef Automate commands (backwards compatible alias)\n inspec detect # detect the target OS\n inspec exec PATH(S) # run all test files at the specified PATH.\n inspec help [COMMAND] # Describe available commands or one spe...\n inspec init TEMPLATE ... # Scaffolds a new project\n inspec json PATH # read all tests in PATH and generate a ...\n inspec shell # open an interactive debugging shell\n inspec supermarket SUBCOMMAND ... # Supermarket commands\n inspec version # prints the version of this tool\n\nOptions:\n [--diagnose], [--no-diagnose] # Show diagnostics (versions, configurations)\n```\n\n# Examples\n\n* Only accept requests on secure ports - This test ensures that a web server is only listening on well-secured ports.\n\n```ruby\ndescribe port(80) do\n  it { should_not be_listening }\nend\n\ndescribe port(443) do\n  it { should be_listening }\n  its('protocols') {should include 'tcp'}\nend\n```\n\n* Test your `kitchen.yml` file to verify that only Vagrant is configured as the driver. The %w() formatting will\npass rubocop linting and allow you to access nested mappings.\n\n```ruby\ndescribe yaml('.kitchen.yml') do\n its(%w(driver name)) { should eq('vagrant') }\nend\n```\n\nAlso have a look at our examples for:\n- [Using Chef InSpec with Test Kitchen \u0026 Chef Infra](https://github.com/chef/inspec/tree/main/examples/kitchen-chef)\n- [Using Chef InSpec with Test Kitchen \u0026 Puppet](https://github.com/chef/inspec/tree/main/examples/kitchen-puppet)\n- [Using Chef InSpec with Test Kitchen \u0026 Ansible](https://github.com/chef/inspec/tree/main/examples/kitchen-ansible)\n- [Implementing an Chef InSpec profile](https://github.com/chef/inspec/tree/main/examples/profile)\n\n## Or tests: Testing for a OR b\n\n* Using describe.one, you can test for a or b. The control will be marked as passing if EITHER condition is met.\n\n```ruby\ncontrol 'or-test' do\n impact 1.0\n title 'This is a OR test'\n describe.one do\n describe ssh_config do\n its('Protocol') { should eq('3') }\n end\n describe ssh_config do\n its('Protocol') { should eq('2') }\n end\n end\nend\n```\n\n## Command Line Usage\n\n### exec\n\nRun tests against different targets:\n\n```bash\n# run test locally\ninspec exec test.rb\n\n# run test on remote host on SSH\ninspec exec test.rb -t ssh://user@hostname\n\n# run test on remote windows host on WinRM\ninspec exec test.rb -t winrm://Administrator@windowshost --password 'your-password'\n\n# run test on docker container\ninspec exec test.rb -t docker://container_id\n\n# run test on podman container\ninspec exec test.rb -t podman://container_id --podman-url \"unix:///run/user/1000/podman/podman.sock\"\n\n# run with sudo\ninspec exec test.rb --sudo [--sudo-password ...] [--sudo-options ...] [--sudo_command ...]\n\n# run in a subshell\ninspec exec test.rb --shell [--shell-options ...] [--shell-command ...]\n\n# run a profile targeting AWS using env vars\ninspec exec test.rb -t aws://\n\n# or store your AWS credentials in your ~/.aws/credentials profiles file\ninspec exec test.rb -t aws://us-east-2/my-profile\n\n# run a profile targeting Azure using env vars\ninspec exec test.rb -t azure://\n\n# or store your Azure credentials in your ~/.azure/credentials profiles file\ninspec exec test.rb -t azure://subscription_id\n```\n\n### detect\n\nVerify your configuration and detect\n\n```bash\nid=$( docker run -dti ubuntu:14.04 /bin/bash )\ninspec detect -t docker://$id\n```\n\nWhich will provide you with:\n\n```\n{\"family\":\"ubuntu\",\"release\":\"14.04\",\"arch\":null}\n```\n\n## Supported OS\n\nRemote Targets\n\n| Platform | Versions | Architectures |\n| ---------------------------- | ------------------------------------------------ | ------------- |\n| AIX | 6.1, 7.1, 7.2 | ppc64 |\n| CentOS | 6, 7, 8 | i386, x86_64 |\n| Debian | 9, 10 | i386, x86_64 |\n| FreeBSD | 9, 10, 11 | i386, amd64 |\n| macOS | 12.0 | x86_64, amd64 |\n| Oracle Enterprise Linux | 6, 7, 8 | i386, x86_64 |\n| Red Hat Enterprise Linux | 7, 8, 9 | i386, x86_64 |\n| Solaris | 10, 11 | sparc, x86 |\n| Windows\\* | 8, 8.1, 10, 2012, 2012R2, 2016, 2019 | x86, x86_64 |\n| Ubuntu Linux | | x86, x86_64 |\n| SUSE Linux Enterprise Server | 12, 15 | x86_64 |\n| Scientific Linux | 6, 7 | i386, x86_64 |\n| Fedora | | x86_64 |\n| OpenSUSE | 15 | x86_64 |\n| OmniOS | | x86_64 |\n| Gentoo Linux | | x86_64 |\n| Arch Linux | | x86_64 |\n| HP-UX | 11.31 | ia64 |\n| Alpine Linux | | x86_64 |\n\n\\**For Windows, PowerShell 5.0 or above is required.*\n\nIn addition, runtime support is provided for:\n\n| Platform | Versions | Arch |\n| -------- | -------- | ------ |\n| macOS | 12 | x86_64, arm64 |\n| Debian | 9, 10 | x86_64, aarch64 |\n| RHEL | 7, 8, 9 | x86_64, aarch64 |\n| Fedora | 29+ | x86_64, aarch64 |\n| Ubuntu | 16.04+ | x86_64, aarch64 |\n| Windows | 8+ | x86_64 |\n| Windows | 2012+ | x86_64 |\n\n## Documentation\n\nDocumentation\n\n * https://docs.chef.io/inspec/\n * https://docs.chef.io/inspec/resources/\n * https://github.com/inspec/inspec/tree/main/docs-chef-io\n\nLearn Chef:\n\n * https://community.chef.io/products/chef-inspec/#learn\n\nRelationship to other tools (RSpec, Serverspec):\n\n * https://docs.chef.io/inspec/inspec_and_friends/\n\n## Share your Profiles\n\nYou may share your Chef InSpec Profiles in the [Tools \u0026amp; Plugins section](https://supermarket.chef.io/tools-directory) of the [Chef Supermarket](https://supermarket.chef.io/). [Sign in](https://supermarket.chef.io/sign-in) and [add the details of your profile](https://supermarket.chef.io/tools/new).\n\nYou may also [browse the Supermarket for shared Compliance Profiles](https://supermarket.chef.io/tools?type=compliance_profile).\n\n## Kudos\n\nChef InSpec was originally created by Christoph Hartmann ([@chris-rock](https://github.com/chris-rock)) and Dominik Richter ([@arlimus](https://github.com/arlimus)).\n\nChef InSpec is inspired by the wonderful [Serverspec](http://serverspec.org) project. Kudos to [mizzy](https://github.com/mizzy) and [all contributors](https://github.com/mizzy/serverspec/graphs/contributors)!\n\nThe AWS resources were inspired by [inspec-aws](https://github.com/arothian/inspec-aws) from [arothian](https://github.com/arothian).\n\n## Contribute\n\n1. Fork it\n1. Create your feature branch (git checkout -b my-new-feature)\n1. Commit your changes (git commit -am 'Add some feature')\n1. Push to the branch (git push origin my-new-feature)\n1. Create new Pull Request\n\nThe Chef InSpec community and maintainers are very active and helpful. This project benefits greatly from this activity.\n\nIf you'd like to chat with the community and maintainers directly join us in the `#inspec` channel on the [Chef Community Slack](http://community-slack.chef.io/).\n\nAs a reminder, all participants are expected to follow the [Code of Conduct](https://github.com/inspec/inspec/blob/main/CODE_OF_CONDUCT.md).\n\n[![Slack](https://community-slack.chef.io/badge.svg)](https://community-slack.chef.io/)\n\n## Testing Chef InSpec\n\nWe offer `unit` and `integration` tests.\n\n- `unit` tests ensure the intended behaviour of the implementation\n- `integration` tests run against Docker-based VMs via test-kitchen and [kitchen-inspec](https://github.com/chef/kitchen-inspec)\n\n### Unit tests\n\n```bash\nbundle exec rake test\n```\n\nIf you like to run only one test file:\n\n```bash\nbundle exec m test/unit/resources/user_test.rb\n```\n\nYou may also run a single test within a file by line number:\n\n```bash\nbundle exec m test/unit/resources/user_test.rb -l 123\n```\n\n### Integration tests\n\nThese tests download various virtual machines, to ensure Chef InSpec is working as expected across different operating systems.\n\nThese tests require the following gems:\n\n- test-kitchen\n- kitchen-dokken\n- kitchen-inspec\n\nThese gems are provided via the `integration` group in the project's Gemfile.\n\nIn addition, these test require Docker to be available on your machine or a remote Docker machine configured via the standard Docker environment variables.\n\n#### Running Integration tests\n\nList the various test instances available:\n\n```bash\nKITCHEN_YAML=kitchen.dokken.yml bundle exec kitchen list\n```\n\nThe platforms and test suites are configured in the `kitchen.dokken.yml` file. Once you know which instance you wish to test, test that instance:\n\n```bash\nKITCHEN_YAML=kitchen.dokken.yml bundle exec kitchen test \u003cINSTANCE_NAME\u003e\n```\n\nYou may test all instances in parallel with:\n\n```bash\nKITCHEN_YAML=kitchen.dokken.yml bundle exec kitchen test -c 3\n```\n\n## License\n\n| | |\n| -------------- | ---------------------------------------------- |\n| **Author:** | Dominik Richter (\u003cdrichter@chef.io\u003e) |\n| **Author:** | Christoph Hartmann (\u003cchartmann@chef.io\u003e) |\n| **Copyright:** | Copyright (c) 2015 Vulcano Security GmbH. |\n| **Copyright:** | Copyright (c) 2017-2020 Chef Software Inc. |\n| **Copyright:** | Copyright (c) 2020-2023 Progress Software Corp.|\n| **License:** | Apache License, Version 2.0 |\n| **License:** | Chef End User License Agreement |\n\nPackaged distributions of Progress® Chef® products obtained from any authorised Progress Chef distribution source are made available pursuant to the Progress Chef EULA at https://www.chef.io/end-user-license-agreement, unless there is an executed agreement in effect between you and Progress that covers the Progress Chef products (\"Master Agreement\"), in which case the Master Agreement shall govern.\n\nSource code obtained from the Chef GitHub repository is made available under Apache-2.0, a copy of which is included below.\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n","funding_links":[],"categories":["Policy as code","Ruby","Ruby (88)","testing","Инструменты","Compliance and Governance"],"sub_categories":["Compliance-as-code","Kubernetes Audit"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Finspec%2Finspec","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Finspec%2Finspec","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Finspec%2Finspec/lists"}