Hello InSpec friends!
We are delighted to announce the availability of version 6.6.0 of Chef InSpec. Changes include:
Chef licensing
Chef InSpec now requires a license key to run.
Before you can execute scans with InSpec, you must accept the Chef EULA and add a license key.
Commercial users can find their license key in Chef Support Hub. Users can request a Free or Trial license that comes with product limitations. See the license tiers section below.
For more information on adding a license key to InSpec and Chef licenses, see Chef InSpec's licensing documentation and Chef licensing documentation.
License tiers
We've updated the Chef End User License Agreement (EULA). The terms of the EULA are the same as they were before, but we've created three license tiers: Free, Trial, and Commercial.
The Free tier allows personal/non-commercial users to scan 10 targets for an unlimited period of time.
The Trial tier allows trial users to scan unlimited targets for 30 days.
The Commercial tier gives users the features and benefits that come with the subscription they've purchased.
Users who would like to try Chef InSpec 6 can request a free or trial license, which comes with product limitations.
See our licensing documentation or contact Chef Support for more information.
New features
InSpec Parallel
The new inspec parallel command allows you to simultaneously run multiple audits on multiple cloud or on-prem targets.
This can speed up audits and allow you to remediate problems more quickly.
For more information, see the InSpec Parallel documentation
Audit Logging (Preview)
Audit Logging logs the commands and file accesses made through the underlying Train connection.
To enable this feature, set the environment variable CHEF_PREVIEW_AUDIT_LOGGING to any non-empty value and Chef InSpec will write logs to ~/.inspec/logs/inspec-audit-TIMESTAMP-PID.log in JSON format.
This is a preview feature with limited capabilities. We are seeking user feedback for future feature development.
For more details, see InSpec Audit Log.
Mandatory Profile Signing (Preview)
If you set the environment variable CHEF_PREVIEW_MANDATORY_PROFILE_SIGNING to any non-empty value, Chef InSpec 6 will only execute signed profiles for all profile executions.
Signed profiles, or .iaf files, are digital artifacts created using the inspec sign command.
They can be used to create a chain of trust between your content author and your compliance target.
For more information on the feature, which is in preview in Chef InSpec 6 but will be enabled in a future major version, please see InSpec Signing.
Bug Fixes
Waiver files
We improved how InSpec handles malformed waiver files. (6644)
Previously, InSpec would run until it finished processing a profile and then return an error if there was a problem with a waiver file. Error messages could be quite long and it could take InSpec hours to complete large profiles, wasting users' time.
Now InSpec exits immediately and returns an error if it detects a malformed waiver file. This includes waiver files missing required parameters and YAML files that fail linting.
InSpec Check and InSpec Export
We overhauled the inspec check and inspec export commands to use the parser library to improve security. (6849)
Breaking Changes
- We no longer support Ruby 2.7 since it became end-of-life (EOL) in March 2023.
Get the Build
You can download binaries directly from Chef Downloads.