Wednesday, September 28, 2016

Compliance as Code with InSpec 1.0


InSpec is an open-source testing framework with a human-readable language for specifying compliance, security and other policy requirements. Just as Chef treats infrastructure as code, InSpec treats compliance as code. The shift away from having people act directly on machines to having people act on code means that compliance testing becomes automated, repeatable, and versionable.

Traditionally, compliance policies are stored in a spreadsheet, PDF, or Word document. Those policies are then translated into manual processes and tests that often occur only after a product is developed or deployed. With InSpec, you replace abstract policy descriptions with tangible tests that have a clear intent and can catch any issues early in the development process. You can apply those tests to every environment across your organization to make sure that they all adhere to policy and are consistent with compliance requirements.

InSpec applies DevOps principles to security and risk management. It provides a single collaborative testing framework, allowing you to create a code base that is accessible to everyone on your team. Compliance tests can become part of an automated deployment pipeline and be continuously applied. InSpec can be integrated into your software development process starting from day zero and should be applied continuously as a part of any CI/CD lifecycle.

In this webinar, we'll explore how InSpec can improve compliance across your applications and infrastructure. Join us to learn about:

- What's new in InSpec 1.0
- InSpec enhancements for Microsoft Windows systems
- Integration between InSpec and Chef Automate

Who should attend: Security experts, system administrators, software developers, or anyone striving to improve and harden their systems one test at a time.
