Chef Automate Inspec Compliance Upload New Version Creates 2 Versions

Chef InSpec 3.0 horns in on Terraform territory

Chef InSpec 3.0 can scan Terraform infrastructure-as-code files for security and compliance gaps, which knocked HashiCorp Sentinel off the evaluation list at Chef customer Pacific Life.

Chef's updated InSpec tool encroaches on HashiCorp's turf and has turned heads in one enterprise IT shop, as it automates its compliance policies alongside infrastructure as code.

Chef InSpec 3.0, rolled out in general availability this week, broadens support to include HashiCorp Terraform infrastructure-as-code file scans. This coverage overlaps with HashiCorp's own Sentinel compliance-as-code tool, which also works with HashiCorp's Consul, Nomad and Vault. The tools can be used alongside one another: Sentinel validates Terraform, Consul, Nomad and Vault policies before any changes are applied, while InSpec can run on a provisioned machine to monitor changes at a lower layer than Terraform.

However, Chef InSpec 3.0 adds similar validation features for Terraform files before users provision infrastructure through the InSpec Generator, which also supports tools beyond the HashiCorp portfolio. This gave the tool a foot in the door at Pacific Life, a financial services company in Newport Beach, Calif.

IT pros in the Pacific Life corporate IT and retirement services divisions already use Chef Server and Terraform, but lean toward Chef InSpec, which they run in lab and test/dev environments, as their future compliance-as-code tool of choice for production.

"We're aware of [Sentinel], but we're also big into [AWS] CloudFormation and [are] just starting to use Terraform," said Benjamin Peterson, cloud architect at Pacific Life. "For a lot of our CloudFormation templates, we're interested in general static code analysis."

Chef InSpec makes compliance code both human- and machine-readable, which is important, as the company transfers compliance policy rules from documents to code, but wants to keep nontechnical business stakeholders involved.

"You can iterate on it pretty easily," said Hans Nesbitt, cloud engineer at Pacific Life. "Instead of having to change a whole document, you can change a couple of lines of code. But everyone still reads it the same way."

Chef InSpec could play a key role as Pacific Life pursues a DevSecOps strategy, but it doesn't completely fill the company's need for security-focused, test-driven development tools.

"InSpec applies more on the functional and system integration testing side versus unit testing for applications," Peterson said. "We want to shift security left, but Chef InSpec takes us only so far left."

Chef checks off InSpec user wish list items, gives roadmap hints


Chef InSpec 3.0 overhauls the tool's exception handling, so InSpec scans can skip some controls if compensating measures already are in place. InSpec also can label some failures as acceptable based on the environment's specific compliance priorities. This cuts down on the number of alerts that admins receive for irrelevant issues -- an update high on users' wish lists at ChefConf in May 2018. And it was crucial for the tool to move forward in Pacific Life's evaluation process, Peterson said.

In July 2018, Chef added another customer wish list item for noise reduction: alert deduplication for the Chef InSpec integration with ServiceNow's service desk ticketing system. Automatic InSpec updates for the ServiceNow change management database will follow in a future Chef InSpec release, Chef officials said.

Chef also made good on a promise to support users' custom REST APIs with a customizable plugin architecture in version 3.0.

Chef InSpec's Kubernetes and Docker support for container adopters remains in a state analysts called rudimentary in version 2.0, but that's because specific compliance templates based on Center for Internet Security (CIS) controls validated for Kubernetes environments are still in the works.

Similarly, efforts are afoot to correlate compliance regimen-specific controls, such as PCI, COBIT and GDPR, with CIS benchmarks and create starter kits for each of those regulations in Chef Automate's premium content database. Finally, support for detailed exception handling reports is also planned for future versions.


Source: https://www.techtarget.com/searchitoperations/news/252450754/Chef-InSpec-30-horns-in-on-Terraform-territory
