Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.zenable.io/llms.txt

Use this file to discover all available pages before exploring further.

Overview

Chef InSpec tests infrastructure state by querying running systems or cloud APIs. It verifies OS configuration, installed packages, network settings, and cloud resource properties.

Capabilities

  • Tests against live infrastructure (servers, containers, cloud resources)
  • Rich resource library for AWS, Azure, GCP, and OS-level checks
  • Compliance profiles map to regulatory frameworks
  • Human-readable test output

Limitations

  • Requires a running system or cloud API access
  • Not applicable to source code analysis — check out Semgrep or CodeQL for source code checks
  • Tests state at a point in time, not code patterns

Generated Format

  • Language: Ruby
  • Structure: InSpec control files with control, describe, and it blocks
  • Execution: inspec exec profile/

Example Guardrail

control 's3-encryption' do
  impact 1.0
  title 'Ensure all S3 buckets have encryption enabled'

  aws_s3_buckets.bucket_names.each do |bucket|
    describe aws_s3_bucket(bucket) do
      it { should have_default_encryption_enabled }
    end
  end
end
Learn more at Chef InSpec documentation and resources reference.