CIS Kubernetes and CIS Independent Linux Benchmark

The mission of DevSec Hardening Framework is to provide users with the best content to stay secure across their infrastructure fleet. We started by providing hardening solutions written in Chef cookbooks, Puppet modules as well as Ansible modules. Beginning of this year, we started to transform our testing suite into...


chef-windows-hardening 0.9.0 is released

DevSec Hardening Framework project is releasing a new minor release chef-windows-hardening today. The release introduces the, always, disabling of SMB1 protocol on Windows operating systems. Note: This resource was introduced in the wake of the WannaCrypt/WannaCry ransomware worm which exploits a known vulnerability in the SMBv1 protocol Highlights and breaking...


New Ansible os-, ssh- and mysql-hardening releases

Hey friends, We released new versions of ansible-os-hardening, ansible-ssh-hardening and ansible-mysql-hardening! These releases are important to us in multiple ways: As always, they provide new features and configuration possibilities for you to use! More on that below. Complete tests in TravisCI Furthermore we now leverage the full possibilities of TravisCI...


Chef Software is contributing OpenStack Baseline

I am happy to announce that the Chef Partners Team contributed a new OpenStack Baseline to our DevSec project. This Baseline is implementing the OpenStack Security Guide in InSpec. JJ Asghar will continue to be a core maintainer. The baseline is already covering a wide range of checks for: block-storage...


chef-os-hardening 2.0.0 is released

DevSec Hardening Framework project is releasing a new major release chef-os-hardening 2.0.0 today. The major points of this release are listed below, however there are also many changes under the hood like cleanups of documentation, improvements of the cookbook testing. Many thanks for the contributions and help we received from...