Chef announces InSpec 2.0 with new DevSecOps capabilities

Chef has announced the latest release of its compliance automation tool. InSpec 2.0 is designed to accelerate DevSecOps with cross-functional, infrastructure, security, assessment, and remediation features.

“InSpec 2.0 builds on our commitment to build the essential tools and services needed for modern application teams to truly deliver on the promise of DevSecOps, fully integrating security with development and deployment for traditional and cloud-native software delivery,” said Marc Holmes, vice president of marketing at Chef “InSpec provides an easy-to-learn, open-source path to incorporating security and compliance requirements as code directly with the delivery process, ensuring that applications and infrastructure are compliant every step of the way — not just at the end of the process.”

According to the company, InSpec reduces assessment and remediation time by up to 95 percent compared to manual processes. In addition, Chef says the release runs 90 percent faster than the previous version on Windows and 30 percent faster on Linux.

Other features include cloud configuration compliance to give users the ability to write compliance rules against cloud resources, an improved user experience with more than 30 new resources for writing compliance rules, new integrations, and improved performance.

“InSpec has helped us unify our compliance, security and DevOps teams and streamlined audits, reducing the thousands of staff hours usually required by as much as 95 percent and eliminating duplication of effort and data throughout the process,” said Jon Williams, CTO of niu Solutions, a cloud infrastructure and compliance provider. “It has given these teams more control over compliance policies and enabled business units to be more active in maintaining their own environments. Most critically, it allows us to continually monitor for audit compliance, ensuring desired state and eliminating change drift between nodes.”

According to Chef, InSpec is the company’s first step towards an “Detect, Correct, Automate” approach for cloud migration and continuous automation. This approach is designed to speed up each stage of the software delivery process with no performance impact or side-effects.