InSpec is compliance as code

InSpec is compliance as code – a human-readable language for automating the continuous testing and compliance auditing of your entire infrastructure. You can also use it to verify if your servers and applications are configured correctly.

Download InSpecStart the Demo


Platform Agnostic

InSpec supports all major operating systems and many applications out of the box.

Test Locally or Remotely

InSpec provides a local agent, as well as full remote testing support.

Free to Run Anywhere

InSpec is a language that can easily express compliance as code, with the freedom to run anywhere.

Fully Extensible Language

Easily extend the InSpec language to cover new operating systems, devices, or applications.


Code Snippet
Transform your compliance and security requirements into simple code.

Codify Agreements:

Combine profiles and customize them with overlays. Pick controls and define exceptions as code.

Add Context to Your Tests:

Supports many fields like descriptions, tags, and impact.

Apply to all systems:

Combine profiles and customize them with overlays. Pick controls and define exceptions as code.

Code Snippet
Solve your infrastructure testing needs simply and efficiently.

Test the desired state:

Match your infrastructure to your expectations.

Use simple and expressive code:

These tests are easy to understand by anyone, reducing friction.

Test any system anywhere:

Runs locally and remotely. Supports all major operating systems and configurations.

Extensible:

Easily create custom resources and share them.