Building security into your workflow with InSpec


InSpec is an open source testing framework for infrastructure with a human- and machine-readable language for specifying compliance, security, and policy requirements. Using a combination of command-line and remote-execution tools, InSpec can help you keep your infrastructure aligned with security and compliance guidelines on an ongoing basis, rather than waiting for and then remediating from arduous annual audits. InSpec’s flexibility makes it a key tool choice for incorporating security into a complete continuous delivery workflow, reducing the risk of new features and releases breaking established host-based security guidelines. This talk covers the basics of working with InSpec, writing tests to reflect your organization’s security guidelines, and managing InSpec as part of a high-velocity workflow.

Speaker

eric-maxwell

Eric Maxwell

Eric Maxwell is a Success Engineer at Chef Software and is focused on making companies more awesome by helping them ‘do the DevOps’ and enabling them to ship at velocity. Eric has helped dozens of the world’s top companies adopt Chef tools and DevOps methodologies while assisting with their DevOps transformation. Based in Portland, Oregon, USA, Eric runs the Chef PDX meetup and is active on the speaker circuit spreading the love of DevOps. In past lives, Eric was a back-end engineer, a big-data engineer, and a professional social engineer.