The first Infracoders/DevOps/CloudNative Meetup after the summer break took place on the 11th of September, 2018 in Graz. About 15 Infracoders were excited to hear what Edmund Haselwanter, CEO of Infralovers, had to say about compliance automation.
Edmund started his presentation with a little bit of history. As a consultant, he has been asked by many customers whether it was possible to automate their compliance profiles. The good answer: it was and, of course, still is possible. Edmund used ServerSpec for compliance check automation. It is open source and fits your environment, no matter whether you are using Chef, Puppet or Ansible for your infrastructure automation. As time passed, InSpec was released, and it is now Edmund's first choice. It is inspired by ServerSpec and brings advantages like:
- Compliance primitives (profiles, weight, description, …)
- Better transport options (SSH/WinRM/Docker)
- A lot more resources
InSpec 2.0 even supports cloud platforms like AWS, Azure, … and at the moment Chef Inc. is working on InSpec 3.0.
What is InSpec exactly?
With InSpec you can turn your compliance profiles into code. All you need to do is define your policy. Once you have done that, InSpec helps you shift risk from runtime to build and test. You save a lot of time and lower your costs, because you can find issues faster, write code quickly and run the code wherever you want. This can be used for machines, data and also for APIs, which makes InSpec a crucial part of a continuous workflow. With InSpec you can detect your security vulnerabilities. With Chef, or any other configuration management tool, you can correct them automatically.
The move from manual compliance to automated compliance leads to changes:
- Instead of reactive engagement you will have proactive engagement.
- No need to check implementations by hand, as you express policy as testable code.
- Your compliance won’t be short-term anymore, and you can profit from long-term process improvement.
After the theoretical input, Edmund showed us some demos with Linux, Windows and AWS machines to help us understand InSpec a bit better.
He also introduced Chef Automate, which is a commercial offering from Chef Inc. Chef Automate covers building, deploying and managing for continuous automation, which in turn has the following advantages:
- Increase speed
- Improve efficiency
- Decrease risk
It comes with ready-made compliance profiles and supports notifications for Slack, ServiceNow or your own custom solution.
After some additional Automate demos for AWS and Windows, and a Q&A session, all Infracoders went to the bar to connect with each other. It was a great exchange with peers, especially because of all the new Infracoders who joined the Meetup.
We are already looking forward to seeing you at the next Infracoders/DevOps/CloudNative Meetup in November. If you have any questions about this talk, or compliance automation in general, do not hesitate to contact Edmund via e-mail: firstname.lastname@example.org or Twitter @ehaselwanter.