I notice that many of the community controls have helpful descriptions of each control in the “desc” field, and even helpful “refs” which link to articles that explain the deeper meaning of the issue. For instance in the dev-sec/cis-docker-benchmark, using the JSON output I can see:
We’re looking to use InSpec as a standalone tool, and not use Chef Automate or Chef Compliance. I understand that those solutions provide more robust report aggregation, but that’s just not in our scope right now.
Asking my teammates to review JSON-formatted reports is just asking for trouble. I was hoping that the html reporter would also include this info, but it sadly does not. I can’t find any other reporter which has it.
My wish-list for a great InSpec reporter is:
- helps the reader understand the issue, and how to fix it, by exposing the “desc” and “refs” info.
- renders to html so that we can store them anywhere, and retrieve them thru a browser
- bumps the failures to the top, so that the reader doesn’t have to sift thru hundreds of “passing” results to find the failing ones. (perhaps a summary of the failures at the top would do)
Does anything already exist which would meet these wishes?
Or is there a good place I can request a feature enhancement for these?
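
One way to get the wish-list above out of InSpec's JSON reporter, as an added example that is not part of the original post or of InSpec itself: a short Ruby script that reads the JSON report, HTML-escapes its text, and renders the controls with failures first, each with its "desc" and "refs". The sample report is constructed, and the function names are this example's own.

```ruby
require 'json'
# Constructed sample in the shape of `inspec exec PROFILE --reporter json`
# output, trimmed to the fields used here. Ids, text and URL are made up.
SAMPLE = <<~'JSON'
  {"profiles":[{"name":"sample","controls":[
    {"id":"ctl-1","title":"Passing control","desc":"Constructed text.","impact":0.5,"refs":[],
     "results":[{"status":"passed","code_desc":"File /etc/x should exist"}]},
    {"id":"ctl-2","title":"Failing <control>","desc":"Constructed issue text.","impact":1.0,
     "refs":[{"ref":"Constructed reference","url":"https://example.com/ref"}],
     "results":[{"status":"failed","code_desc":"Setting y should eq 1","message":"expected 1, got 0"}]}]}]}
JSON

ESC = { '&' => '&amp;', '<' => '&lt;', '>' => '&gt;', '"' => '&quot;', "'" => '&#39;' }.freeze

# Escape report text: descriptions and messages are untrusted input to the HTML page.
def h(text)
  text.to_s.gsub(/[&<>"']/, ESC)
end

# A control fails if any result failed; with no passed result it counts as skipped.
def control_status(control)
  seen = (control['results'] || []).map { |r| r['status'] }
  return 'failed' if seen.include?('failed')
  seen.include?('passed') ? 'passed' : 'skipped'
end

# All controls of all profiles: failures first, then by descending impact.
def sorted_controls(report)
  report.fetch('profiles', []).flat_map { |p| p.fetch('controls', []) }
        .sort_by { |c| [control_status(c) == 'failed' ? 0 : 1, -c['impact'].to_f, c['id'].to_s] }
end

# Link only http(s) ref URLs; list failed results with their messages.
def render_control(c)
  refs = (c['refs'] || []).map do |r|
    label = h(r['ref'] || r['url'])
    label = "<a href='#{h(r['url'])}'>#{label}</a>" if r['url'].to_s.match?(%r{\Ahttps?://})
    "<li>#{label}</li>"
  end
  fails = (c['results'] || []).select { |r| r['status'] == 'failed' }
                              .map { |r| "<li>#{h(r['code_desc'])}<pre>#{h(r['message'])}</pre></li>" }
  "<section><h2>[#{control_status(c).upcase}] #{h(c['id'])}: #{h(c['title'])}</h2>" \
    "<p>#{h(c['desc'])}</p><ul>#{fails.join}</ul><ul>#{refs.join}</ul></section>"
end

def render_html(report)
  controls = sorted_controls(report)
  head = "#{controls.count { |c| control_status(c) == 'failed' }} of #{controls.size} controls failed"
  ["<!DOCTYPE html><html><body><h1>#{head}</h1>", *controls.map { |c| render_control(c) }, '</body></html>'].join("\n")
end

puts render_html(JSON.parse(ARGV[0] ? File.read(ARGV[0]) : SAMPLE)) if __FILE__ == $PROGRAM_NAME
```

Run it with the path of a report written by `inspec exec PROFILE --reporter json:report.json` as the only argument and redirect the output to an `.html` file; with no argument it renders the constructed sample.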