Happy New Year, DevSec users,
From day one of the DevSec Hardening Framework project, we have used the same test suites for our Ansible, Chef and Puppet implementations. Those test suites were implemented in Serverspec and helped us enforce the same rules for all hardening implementations. Combining them with test-kitchen allowed us to easily test the Ansible, Chef and Puppet implementations across multiple operating systems with the same test suites.
The DevSec Hardening Framework grew and users requested additional documentation around our recommendations. We always used industry best practices, but it would be even better to attach more information directly to our tests. InSpec builds on the learnings of Serverspec and allowed us to add more metadata to each test. A Serverspec test like:
could easily be represented in InSpec as:
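As an added example (not code from the original post or from the DevSec project): a constructed InSpec control file carrying the kind of metadata described above, with a small Ruby check that flags controls lacking it. The control IDs, the sample text and the choice of `impact`, `title` and `desc` as the expected fields are assumptions of this example.

```ruby
# Constructed sample: an InSpec control file held as a string (not taken from
# any DevSec baseline). The first control is roughly what a Serverspec check like
#   describe file('/etc/ssh/sshd_config') do
#     its(:content) { should match(/^Protocol 2$/) }
#   end
# becomes once it carries InSpec metadata; the second omits the metadata on purpose.
SAMPLE_CONTROLS = <<~'INSPEC'
  control 'example-sshd-01' do
    impact 1.0
    title 'Use SSH protocol version 2'
    desc 'Protocol 1 has known weaknesses; only version 2 should be offered.'
    describe sshd_config do
      its('Protocol') { should eq '2' }
    end
  end

  control 'example-sshd-02' do
    describe sshd_config do
      its('PermitRootLogin') { should eq 'no' }
    end
  end
INSPEC

# Assumption of this example: every control should document these three fields.
EXPECTED_METADATA = %w[impact title desc].freeze

# Returns { control_id => [missing metadata keywords] } for controls lacking any.
def missing_metadata(source)
  findings = {}
  # Split into chunks that each begin at a `control '<id>' do` line.
  source.split(/^(?=[ \t]*control\s+['"])/).each do |chunk|
    id = chunk[/\A[ \t]*control\s+['"]([^'"]+)['"]/, 1]
    next unless id
    # `desc\s` cannot match `describe`, so the resource block is not miscounted.
    missing = EXPECTED_METADATA.reject { |kw| chunk.match?(/^[ \t]*#{kw}\s+\S/) }
    findings[id] = missing unless missing.empty?
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  missing_metadata(SAMPLE_CONTROLS).each do |id, missing|
    puts "#{id}: missing #{missing.join(', ')}"
  end
end
```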
With InSpec we are able to document and implement our security checks in one language. We used the opportunity to adapt all of our test suites to use InSpec. Now, users are able to run our tests standalone as well. Therefore we are going to call them baselines instead of tests. The following baselines are available now:
Operating System Baselines:
To use the DevSec Hardening Framework baselines, just install InSpec. All our baselines are registered in Chef Supermarket:
You can run the baselines directly from GitHub as well:
Since those baselines can be executed independently, you can verify the state of your servers immediately.
We are looking forward to getting feedback.