Chef InSpec 5.22.29 Released!

Hello InSpec friends!
We are delighted to announce the availability of version 5.22.29 of Chef InSpec. Changes include:

End User License Agreement

We've updated the Chef End User License Agreement (EULA).
The terms of the EULA are the same as they were before, but we've created three licensing tiers: Free, Trial, and Commercial.

The Free tier allows personal/non-commercial users to scan 10 targets for an unlimited period of time.
The Trial tier allows trial users to scan unlimited targets for 30 days.
The Commercial tier gives users the features and benefits that come with the subscription they've purchased.

Contact Chef Support for more information.

Security Updates

Updates in this release provide fixes for the following CVE(s):

  • CVE-2023-42658 InSpec archive command vulnerable to maliciously crafted profile (#6721)


  • Updated the Docker base image to support Ubuntu 22.04. (#6526)
  • Updated the Docker base image to support Mac M1 (#6541)
  • Updated the --reporter and --config CLI options so that reporter options in a config file are merged with reporter options set with the --reporter CLI option. (#6568)

Bug Fixes

  • Fixed controls in waiver files that were not getting waived if the control failed. (#6588)
  • Fixed inspec exec so that it can correctly fetch a profile from a repository that isn't managed with Git and doesn't have a .git directory. (#6640)
  • Fix for missing nil check for control variable in formatter's base. (#6629)

Get the Build

You can download binaries directly from Chef Downloads.