# InSpec

> Infrastructure compliance testing against live systems

## Overview

Chef InSpec tests infrastructure state by querying running systems or cloud APIs. It verifies OS configuration, installed packages, network settings, and cloud resource properties.

## Capabilities

* Tests against live infrastructure (servers, containers, cloud resources)
* Rich resource library for AWS, Azure, GCP, and OS-level checks
* Compliance profiles map to regulatory frameworks
* Human-readable test output

## Limitations

* Requires a running system or cloud API access
* Not applicable to source code analysis; use [Semgrep](/integrations/guardrails/semgrep) or [CodeQL](/integrations/guardrails/codeql) for source code checks
* Tests state at a point in time, not code patterns

## Generated Format

* **Language:** Ruby
* **Structure:** InSpec control files with `control`, `describe`, and `it` blocks
* **Execution:** `inspec exec profile/`

## Example Guardrail

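```ruby
control 's3-encryption' do
  impact 1.0 # highest severity on InSpec's 0.0-1.0 impact scale
  title 'Ensure all S3 buckets have encryption enabled'

  # Enumerate every bucket visible to the credentials InSpec runs with
  aws_s3_buckets.bucket_names.each do |bucket|
    # One test per bucket: fails if default encryption is not configured
    describe aws_s3_bucket(bucket) do
      it { should have_default_encryption_enabled }
    end
  end
end
```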

Learn more at [Chef InSpec documentation](https://docs.chef.io/inspec/) and [resources reference](https://docs.chef.io/inspec/resources/).
