InSpec is compliance as code

Chef NYC Meetup on April 20: Compliance as Code with InSpec

Join us!

Automated testing, codified

InSpec is an open-source testing framework for infrastructure with a human-readable language for specifying compliance, security and other policy requirements. Easily integrate automated tests that check for adherence to policy into any stage of your deployment pipeline.


InSpec is compliance by design

Platform Agnostic

InSpec supports all major operating systems and many applications out of the box.

Free to run anywhere

InSpec is a language that can easily express compliance as code, with the freedom to run anywhere.

Test locally or remotely

InSpec provides a local agent, as well as full remote testing support.

Extensible language

Easily extend the InSpec language to cover new operating systems, devices, or applications.

Inspec for compliance

Transform your compliance and security requirements into simple code

Codify agreements

Combine profiles and customize them with overlays. Pick controls and define exceptions as code.

Add context to your tests

Utilize many fields like descriptions, tags, and impact.

Apply to all systems

Analyze everything using the same codified profiles and controls.

control 'sshd-21' do
title 'Set SSH Protocol to 2'
desc 'A detailed description'
impact 1.0 # This is critical
ref 'compliance guide, section 2.1'

describe sshd_config do
  its('Protocol') { should cmp 2 }
Try the Demo
Inspec for infrastructure

Solve your infrastructure testing needs simply and efficiently

Test the desired state

Verify your infrastructure matches your expectations.

Use simple and expressive code

Reduce friction by writing tests that are easy to understand by anyone.

Test any system anywhere

Run tests locally or remotely on all major operating systems and configurations.


Create custom resources with ease and share them.

describe file('/etc/myapp.conf') do
it { should exist }
its('mode') { should cmp 0644 }

describe myapp.conf do
its('port') { should cmp 8080 }

describe port(8080) do
it { should be_listening }
Try the Demo