Skip to main content

Chef InSpec Release Notes

Chef InSpec 5.22.3

New Features

train-kubernetes

The train-kubernetes plugin now ships with Chef InSpec. This plugin allows you to perform compliance checks with the Kubernetes API. (#6512)

See the documentation on train plugins for more information about using train with Chef InSpec. See the train-kubernetes repository for more information on train-kubernetes.

New resources

Added the new nftables InSpec audit resource. This allows you to test IP packet filtering rules that are defined with nftables. (#6499)

Improvements

  • Added support to the postgres_session resource for custom ports with a socket connection to the . (#6494)

Packaging

RHEL 9

Added support for installing Chef InSpec on RHEL 9. Scanning support already existed. (#6403)

Bug Fixes

  • Fix for a profile gem dependency loading issue when a dependent gem is required inside profile libraries. (#6408)
  • Fix for when a version of a profile dependency is specified that doesn’t follow SemVer format. (6410)
  • Fix for configuring headers in the http resource on Windows using remote transport. (#6484)
  • Fix for host resource to resolve multiple IP addresses on Windows. (#6481)

Chef InSpec 5.21.29

New Features

  • Added the --enhanced-outcomes option to the InSpec CLI. (#6145)
  • Added support for waiver files in CSV and JSON file formats. (#6369)
  • Added new Podman resources for testing containers, images, pods, volumes, and networks. (#6183)
  • Added the only_applicable_if keyword to the InSpec DSL. This allows you to mark a control as “not applicable” if the only_applicable_if block evaluates to false. (#6229)

Enhancements

  • Enhanced the lxc resource to test properties (#6243)

Bug Fixes

  • Fixed the inspec sign command which would break if a period was included in the profile name. (#6261)
  • Fixed compatibility issues with the oracledb_session resource when run on AIX with C shell. (#6257)
  • Fixed the launchd_service resource so that a negative status does not make it crash. (#6262)
  • Fixed an issue when installing the train-kubernetes plugin. (#6334)
  • Fixed an undefined method error when running an InSpec command in airgrapped environments. (#6337)
  • Update Ruby from 2.7.4 to 3.1.2 for omnibus builds. This fixes two CVEs (CVE-2021-41819 and CVE-2021-41816). (#6341)
  • Fixed a bug in profiles that have a dependency that includes a dash followed by a release version (e.g. 2.2.0-13). (#6377)

Chef InSpec 5.18.14

New Features

Enhancements

  • Enhanced the x509_certificate resource with new properties and matchers. (#6041)

Bug Fixes

  • Fixed the processes resource to consider processes without paths on Windows. (#6100)
  • Fixed a situation in which having a dependency on the same profile at different versions could lead to misleading results. (#6074)

Chef InSpec 5.17.4

New Features

  • Added zfs resource (#6004)

Bug Fixes

  • Fixed service resource on amazonlinux2022 (#5998)
  • Fixed inspec json command failing to populate the inputs field for the profile (#6056)
  • Fixed profile gem dependency installation failure when gem version is not specified (#6057)

Chef InSpec 5.14.0

New Features

  • Added default_gateway resource (#5979).
  • Added linux_audit_system resource (#5988).

Improvements

  • Enhanced file resource, adding be_immutable matcher, content_as_yaml and content_as_json properties (#5986).
  • Enhanced service resource with be_monitored_by and have_start_mode matchers (#5981).
  • Enhanced group resource with have_gid matcher (#5987).

Bug Fixes

  • By default, make cookstyle checks for inspec check optional (#5989).

Chef InSpec 5.12.2

New Features

  • Added mail_alias resource (#5961)
  • Added routing_table resource (#5972)

Improvements

  • Enhancements to output of progress-bar reporter (#5966)
  • Enhanced docker_container resource with have_volume matcher (#5944)
  • Enhanced docker_image resource with low-level “inspection” properties. (#5945)
  • Enhanced user resource with new matchers and properties (#5959)

Bug Fixes

  • Fixed the service resource on BSD to ensure installed: true isn’t always returned. (#5948)
  • Updated Cisco XE device detection (train #728)

Chef InSpec 5.10.5

New Features

  • Added linux container resource lxc. (#5921)
  • Re-added ppa resource. (#5931)
  • Added cgroup resource. (#5935)

Improvements

  • Added the ability to detect Kubernetes and Podman containers to the virtualization resource. (#5796)
  • Description added to inspec plugin list and search commands. (#5936)

Bug Fixes

  • Fixed postgres_session resource to allow query errors to be tested rather than treated as control failures. (#5937)
  • Fixed oracledb_session resource when query has empty result. (#5938)
  • Fixed command timeout ignored when used with sudo on ssh transport. (train #727)

Chef InSpec 5.7.9

New Features

  • Enable SSL-based authentication over WinRM. (#5793)
  • Added resource_id property in the base class resources and also added to the JSON-based reporters. (#5875, #5890)
  • Added the ipnat resource. (#5883)
  • Added the ipfilter resource. (#5880)
  • Added progress-bar real-time reporter. (#5863)
  • Added ability to declare and install gem dependencies part of the profile metadata file. (#5871)
  • Added the cron resource, a compatibility alias for the crontab resource. (#5891)
  • Added a resource code generator, inspec init resource. (#5913)

Improvements

  • Added target_id sourced from train to the reporter interface. (#5895)
  • Added new properties and matchers to the firewalld resources. (#5597)
  • Added lazy_instance option to FilterTable, allowing plural resource definitions to conveniently access the resource instance with the lazy-loading columns. (#5916)

Bug Fixes

  • Fixed --no-diff option when the message contains a newline. (#5884)
  • Fixed the inspec automate version command to work properly. (#5893)

Breaking Changes

  • InSpec is now based on Ruby 3. You may need to reinstall plugins and gem dependencies of plugins.
  • Removed legacy AWS and Azure resources from InSpec core. Since 2018, active development on these resources was part of the resource packs, and these old versions are not maintained. (#5915)
  • Deprecated the --target-id CLI option. (#5918)

Chef InSpec 4.56.20

Bug Fixes

  • Updated Cisco XE device detection (train #728)
  • Make cookstyle checks for inspec check optional by default (#5992)

Chef InSpec 4.56.19

Bug Fixes

  • Fixed postgres_session resource to allow query errors to be tested rather than treated as control failures. (#5942)
  • Fixed oracledb_session resource when query has empty result. (#5943)
  • Fixed command timeout ignored when used with sudo on ssh transport. (train #727)

Chef InSpec 4.56.17

New Features

  • Added timezone resource. (#5758)
  • Added user_permissions property and be_inherited matcher to the registry_key resource. (#5778)
  • Added user_permissions property and be_inherited matcher to the file resource for Windows. (#5775)
  • Added kernel_parameters resource. (#5782)
  • Added support for streaming reporter plugins. (#5829)

Improvements

  • Added esx platform support to the bash resource. (#5785)
  • Added ability to check whether a package is latest in the package resource. (#5771)
  • Added option to ignore rule comments in the ip_table resource. (#5777)
  • Simplify inheritance of core resources into custom resources. (#5816)
  • Added target_id sourced from train back to the reporter interface. (#5917)
  • Added new properties and matchers to the firewalld resources. (#5919)
  • Added lazy_instance option to FilterTable, allowing plural resource definitions to conveniently access the resource instances with the lazy-loading columns. (#5922)

Bug Fixes

  • Fixed parsing of multiline results in the mssql_session resource. (#5776)
  • Fixed an issue with the package resource when matching certain version numbers. (#5797)
  • Ensure that the CLI option, --insecure works with dependent profiles loaded with self-signed SSL certificates. (#5799)
  • Fixed grub_conf resource to capture non-indented grub conf values. (#5810)
  • Fixed sestatus: command not found error on Amazon Linux 2. (#5828)
  • Fixed --no-diff option when the message contains only one newline. (#5884)
  • Fixed the inspec automate version command to work properly. (#5893)

Breaking Changes

  • Drop testing support for EOL Ruby 2.5. (#5783)

Chef InSpec 4.52.9

New Features

  • Added remote target support for Alpine Linux. (#5744)
  • Added a CLI option for executing profiles from private Supermarkets. (#5749)
  • Added the ability to specify a proxy as a parameter in the http resource. (#5757)
  • Added a CLI option to set an SSH configuration file path for SSH transport. (#5759)
  • Added support for TLS 1.3 to the ssl resource. (#5762)

Bug Fixes

  • Fixed an edge case in the service resource where InSpec may falsely detect services as enabled on FreeBSD if that service is the suffix of another enabled service. (#5606)
  • Fixed the ibmdb2_session resource so that it now correctly accepts queries with clauses. (#5742)
  • Fixed the oracledb_session resource to properly handle nil in the query output. (#5717)
  • Fixed the packages resource to correctly list only installed packages on Alpine Linux. (#5765)

Chef InSpec 4.50.3

New Features

  • Add Windows support to the http resource. (#5697)

Bug Fixes

  • Add Rake as a runtime dependency to fix an issue with Cookstyle integration when running under Habitat. (#5722)

Backward Incompatibilities

  • Temporarily disable non-functional Cookstyle integration on Windows (#5724)

Chef InSpec 4.49.0

New Features

  • Added support for testing Cassandra DB configurations and CQL commands. (#5683)
  • Added the CLI option --filter-waived-controls to increase execution speed when using waivers. (#5327)
  • Integrated inspec check with Cookstyle. (#5618)

Enhancements

  • Restored support for Ubuntu 16.04 packages and testing. (#5689)

Bug Fixes

  • Resolved case-sensitivity issue for Windows users and group resources. (#5667)
  • Fixed the oracledb_session resource when invoking a query using OS user and DB role.(#5702)
  • Additional oracledb_session resource fixes. (#5706)

Chef InSpec 4.46.13

Enhancements

  • Added rocky and almalinux Linux distributions to service resource. (#5604)
  • Added the ability to handle files without headers in the csv resource. (#5665)
  • Added the option to establish connection using a UNIX socket in the postgres_session resource. (#5664)
  • We now build packages for Debian 11, macos 12, and Windows 11/2022. (#5675)

Bug Fixes

  • Fixed the –tags filter for dependent profiles. (#5657)
  • Fixed the –controls filter for dependent profiles. (#5656)
  • Fixed the opa_cli and opa_api resources so they are able to verify an empty result. (#5671)

Chef InSpec 4.41.20

Improvements

  • Added support for Alibaba Cloud Linux 3 to the Chef InSpec service resource. (#5578)
  • Replaced the WMI command-line (WMIC) utility in the Chef InSpec security_identifier resource with Common Information Model (CIM) cmdlets as the WMIC utility will be deprecated soon. (#5636)
  • Adjusted the exit code to Normal when attempting to install a plugin that is already installed. (#5625)

Bug Fixes

  • Fixed range based filtering in filter tables (#5598)
  • Fixed an issue in the Chef InSpec apache_conf resource when the ServerRoot is not specified in the Apache configuration file. (#5601)
  • Fixed an issue when testing files with chef exec where the --insecure flag doesn’t bypass SSL verification when downloading profiles over HTTPS. (#5600)
  • Fixed the inspec --chef-license=accept invocation to only show the license acceptance message and not show the InSpec CLI help command output. (#5609)
  • Fixed an error in the Chef InSpec postgres_session resource where the resource was unable to connect to a database. (#5619)
  • Fixed an error in the Chef InSpec apache_conf resource where it would overwrite any Apache configurations from the main Apache configuration file with configurations from any included configuration files. (#5623)
  • Updated the default branch from master to main in the Git URL for the inspec-aws repository, which is used when running inspec init. (#5637)
  • Updated the default branch from master to main in the inspec-gcp and inspec-azure repos. (#5642)
  • Fixed an error where the Chef InSpec security_policy resource returned a comma-separated string of local groups (rather than SIDs) instead of an array. (#5629)
  • Updated the git fetcher to handle profiles that have a default git branch that is not master. (#5638)
  • Fixed a regression related to processing tags in certain formats using the --tags CLI option. (#5643)

Chef InSpec 4.41.2

New Features

  • Added support for Open Policy Agent: added resources opa_cli and opa_api. (#5592)

Improvements

  • Added mongodb_session resource and docs. (#5572)
  • Added --tags option to CLI exec command to filter controls by tag. (#5596)

Bug Fix

Chef InSpec 4.38.9

Enhancements

  • The mssql_session resource now allows named connections by no longer forcing a port. (#5584)
  • The PostgreSQL resources (postgres_session, postgres_conf, postgres_hba_conf, and postgres_ident_conf) now work with Windows. (#5576)

Bug Fixes

  • Fixed a bug that caused the year in an expiration date to be misinterpreted in waiver files. (#5586)

Backward Incompatibilities

  • Reverted adding the x25519 gem which adds the ED25519 SSH key exchange algorithm because it was causing segmentation faults. (#5590)

Chef InSpec 4.38.3

New Features

  • Added a new mongodb_conf resource. (#5562)

Bug Fixes

  • Corrected the AWS_SECRET_ACCESS_KEY environment variable name in the documentation. (#5566)
  • Changed the Windows local pipe server connection to retry once on EPIPE. (train #694)
  • Exceptions are now handled correctly in the oracledb_session resource. (#5567)

Chef InSpec 4.37.30

Improvements

  • Added support for Ed25519-based SSH key exchange algorithms. (#5563)

Bug Fixes

  • Fixed the mysql_session resource to raise an exception if there is an error in a connection or query. (#5551)
  • Fixed the postgres_session resource to raise an exception if there is an error in a connection or query. (#5553)

Chef InSpec 4.37.25

Bug Fixes

  • Fixed the inspec shell to allow loading profiles that have their own dependent profiles. (#5547)
  • Docs correction: sshd_config is for daemon, not client. Thanks for this fix, @jblaine! (#5549)

Chef InSpec 4.37.23

Improvements

  • Updated the inspec init plugin command (#5536) with the following changes:

    • The values of flags passed to the inspec init plugin command are now wrapped in double quotes instead of single quotes.
    • Template files are now ERB files.
    • The activator flag replaces the hook flag, which is now an alias.
  • Added Ubuntu to the list of FIPS-enabled platforms. (#5533)

Backward Incompatibilities

  • Removed support for Chef Compliance Server and Chef Automate 1 from the inspec automate command, as both products are EOL. (#5534)

Chef InSpec 4.37.20

Bug Fixes

CLI command fixes:

  • inspec automate login --help outputs the correct URL (5529)
  • inspec detect --no-color returns color-free output (#5530)

Backward Incompatibilities

  • This release ends support for EOL Ubuntu 16.04 and builds on 18.04 (#5532)

Chef InSpec 4.37.17

Improvements

  • Added support for zfs_pool and zfs_dataset resources on Linux (#5523)
  • Add docs for toml resource (#5514)
  • Add CI-CD docs (#5489)
  • Add explicit RHEL8 builders to omnibus build (#5527)
  • Improved port resource performance: adding more specific search while using ss command (#5522)

Bug Fixes

  • file resource more_permissive_than matcher returns nil instead of throwing exception when file does not exist (#5519)

Chef InSpec 4.37.8

Bug Fixes

  • The HTTP resource response body is now coerced into UTF-8. (#5510)
  • The automate login command now will verify credentials before storing them. (#5509)
  • Modified the windows_feature resource to indicate if a feature is enabled rather than just available. (#5506)

Chef InSpec 4.37.0

New Features

  • The new inspec automate command replaces the inspec compliance command, which is now deprecated. (#5490)

Improvements

  • Updated OpenSSL to 1.1.1k on macOS to address several CVEs. (#5493)

Bug Fixes

  • Fixed an error when using profile dependencies and require_controls. (#5487)
  • Fixed the windows_firewall_rule resource when it failed to validate more than one rule. (#5502)

Chef InSpec 4.36.4

New Features

  • Added the selinux resource which includes support for modules and booleans. (#5458) (#5463)
  • Added the pattern input option for DSL and metadata inputs. (#5466)
  • Added the members_array property for group & groups resources. (#5479)
  • Train now reads the username and port from the .ssh/config file and will use these values if present. (train #659)

Bug Fixes

  • Switch to GNU timeout-based implementation of SSH timeouts. (train #679)
  • Fixed the group resource when a member does not exist. (#5470)

Chef InSpec 4.33.1

New Features

  • Added the new --reporter-include-source CLI option, which includes the source code of the controls in the output of the CLI reporter. (#5465)

Bug Fixes

  • Removed the default of 3600 seconds for --command-timeout CLI option. (#5472)

Chef InSpec 4.32.0

New Features

  • Added ability to pass inputs to InSpec shell using input file and cli (#5452) For more information, see How can I set Inputs? in the InSpec documentation.

Bug Fixes

  • Fix SSH Timeout PTY allocation (train #676). We fixed a bug that caused occasional failures in some command resources that use SSH transport and were mistakenly allocated a pseudoterminal (PTY) when setting a timeout. In some cases, the PTY changed how the resource was interpreted. This fix only uses PTY when explicitly requested.

Chef InSpec 4.31.1

This release is a hotfix to address a regression in 4.31.0.

Bug Fixes

  • Fix for error “timed out after 0 seconds” on all command resources under kitchen-inspec (#5455)

Chef InSpec 4.31.0

New Features

  • Commands can now be set to timeout using the command resource or the --command-timeout option in the CLI. Commands timeout by default after one hour. (#5443)
  • Added the --docker-url CLI option, which can be used to specify the URI to connect to the Docker Engine. (#5445)
  • Added support for targeting Linux and Windows containers running on Docker for Windows. (train #674)

Bug Fixes

  • Hash inputs will now be loaded consistently and accessed as strings or symbols. (#5446)

Chef InSpec 4.29.3

New Features

  • The JSON metadata pass through configuration has been moved from the Automate reporter to the JSON Reporter (#5430)
  • MacOS packages are now built for the arm architecture (M1 chipset) (#5432)

Bug Fixes

  • The apt resource now correctly fetches all package repositories using the -name flag in an environment where ZSH is the user’s default shell. (#5437)

  • The --controls option in inspec exec now correctly filters the controls by name. (#5434)

  • Updates how InSpec profiles are created with GCP or AWS providers so they use inputs instead of attributes. (#5435)

  • inspec exec will now fetch profiles via Git regardless of the name of default branch. (#5438)

Chef InSpec 4.28.0

New Features

  • Added the option to filter out empty profiles from reports. (#5425)
  • Exposed the conf_path, content, and params properties to the auditd_conf resource. (#5422)
  • Added the ability to specify --user when connecting to docker containers. (train #669)
  • Added a clear_cache option to the InSpec CLI. (#5266)

Bug Fixes

  • Fixed the crontab resource when passing a username to AIX. (#5418)
  • Added Git to the Docker build. (#5420)
  • Stopped a backtrace from occurring when using cmp to compare nil with a non-existing file. (#5427)

Chef InSpec 4.26.13

Bug Fixes

  • Fixed skip_control to work on deeply nested profiles. (#5411)
  • The ssh_config and sshd_config resources now correctly use the first value when a setting is repeated. (#5414)

Chef InSpec 4.26.4

New Features

  • You can now directly refer to settings in the nginx_conf resource using the its syntax. Thanks @rgeissert! (#5285)
  • You can now specify the shell type for WinRM connections using the --winrm-shell-type option. Thanks @catriona1! (#5263)
  • Plugin settings can now be set programmatically. Thanks @tecracer-theinen! (#5393)

Bug Fixes

  • Updated the oracledb_session to use more general invocation options. Thanks @pacopal! (#5193)
  • Fixed an error with the http resource when packaged with Chef Infra Client by including faraday_middleware in the gemspec. (#5391)
  • Fixed an incompatibility between parslet and toml when used with Chef Infra. (#5394)
  • Improved programmatic plugin configuration. (#5395)

Chef InSpec 4.25.1

New Features

  • Chef InSpec is now released natively on aarch64 packages for the ARM architecture on Debian, SLES, and Ubuntu. (#5386)

Improvements

  • OpenSSH Client on Windows can now be tested with the ssh_config and sshd_config resources. Thanks @rgeissert! (#5288)

Bug Fixes

  • Thor is now unconditionally required. (#5388)

Chef InSpec 4.24.32

Improvements

  • The local working directory is now ignored when a Docker image of InSpec is built. (#5360)

Bug Fixes

  • Docker images of InSpec are now built using Omnibus. (#5362)

Chef InSpec 4.24.28

Improvements

  • The --reporter-message-truncation option now also truncates the code_desc field. (#5372)

Bug Fixes

  • The documentation incorrectly stated that waivered controls will default to run:false when in fact they default to running. The documentation has been corrected and a test has been added. Thanks @dwmarshall! (#5370)
  • Chef InSpec 4.24.26 was released with a defect that caused every invocation to exit with an error mentioning the supermarket plugin and the ffi gem. This has been fixed by avoiding the 1.14.2 version of the ffi gem. (#5375)

Chef InSpec 4.24.26

Improvements

  • The parse_config resource now accepts [ and ] characters, which allows access to settings that contain dots. Thanks @rgeissert! (#5252)
  • The gemspec allows for Ruby 3.0 use and opens the way for future testing. (#5357)
  • Updated the RSpec dependency to version 3.10. (#5342)
  • The mssql_session resource expands its platform support to include macOS and Linux since the sqlcmd utility is now available on those platforms. Thanks @kclinden! (#5366)

Backward Incompatibilities

  • macOS 10.13 is no longer a supported platform for Chef InSpec. (#5311)

Chef InSpec 4.24.8

New Features

  • The Chef InSpec Omnibus package adds ed25519 SSH key support. (#5299)
  • The addition of resource_class and resource_params to the JSON Reporter output reveals specific resources used and entered parameters to users. (#5241)
  • Specify more than one platform in Chef InSpec Profiles with supported asterisk (*) wildcard use. (#5302)

Improvements

  • Chef InSpec now ships with Ruby 2.7.2. Internal Ruby-related deprecation warnings are now turned off by default, but Chef InSpec-specific warnings are not turned off. (#5281)
  • The wmi resource becomes more predictable by returning arrays for wmi properties. (#5314)
  • Updated dependencies reflects the removal of Ruby 2.4 support. (#5325)

Bug Fixes

  • The grub_conf resource no longer assumes that the default config for grub2 contains menuentry lines. (#5306)
  • Accessing the home directory no longer causes an error if the HOME environment is absent. (#5317)
  • A Ruby 2.5 dependency issue that affected gem builds is fixed. (#5321)

Backward Incompatibilities

  • Ruby 2.4 is no longer supported. (#5321)

Chef InSpec 4.23.15

Improvements

  • The Chef Habitat packages for Chef InSpec use Ruby 2.6 instead of Ruby 2.5. (#5287)

Bug Fixes

  • Waivers return a consistent message for expiration dates rather a message dependent on the waiver’s run value. (#5278)

Chef InSpec 4.23.11

Improvements

  • inspec --help now links to information about Chef’s patents. (#5255)

Chef InSpec 4.23.10

Bug Fixes

  • The Latest: The junit2 reporter now works as expected. (#5244)

Chef InSpec 4.23.4

New Features

  • Discretion: A mechanism marks inputs as sensitive: true and replaces their values with “***”. (#5054)
  • Cut the Chatter: Use the --no-diff CLI option to suppress diff output for textual tests. (#5054)
  • Sorted: Control the order of controls in output, but not execution order, with the --sort_results_by=none|control|file|random CLI option. (#5054)
  • Test Better: Disable caching of inputs with a cache_inputs: true setting. (#5211)

Improvements

  • Port Access: postgres_session allows for custom ports in the postgres_session('username', 'password', 'host', 'port') command. (#5185)

Bug Fixes

  • Unabridged: Addressed a ps output truncation edge case related to undefined output widths for some Linux systems. (#5232)

Chef InSpec 4.22.22

New Features

  • Shiny: Check out the new windows_firewall and windows_firewall_rule resources! (#4979)
  • New Factor: New junit2 reporter is now available! The junit2 reporter shows the standard JUnit specification in XML format, and is recommended for all new users of JUnit. (#5085)
  • In Progress: We added a test in preparation for the macOS Big Sur (11.0) beta release. (#5217)

Improvements

  • Revision: We converted the legacy junit reporter into a plugin. Nothing changed about using the junit reporter, but it’s a great example of a plugin if you want to build your own! (#5084)
  • Better Finding: Experience more robust Darwin operating system detection. (#5175)
  • Lighter: We removed unused dependencies and the inspec gem no longer ships with the readme file. (#5201, #5203, and #5202)
  • Upgrade: Omnibus builds now use Ruby 2.6.6 for improved security. (#5198)

Bug Fixes

  • Restored: The mysql_session resource works again with stdout, stderr, and exit_status parameters. (#5219)

Backward Incompatibilities

  • Reminder: We no longer build packages for Debian 8 as it is considered end-of-life. (5197)

Chef InSpec 4.22.8

New Features

  • For mysql and postgres session resources, we added functionality that protects passwords from printing out to the console. (#5124)

Improvements

  • The Scientific Linux platform is now supported on the service resource. (#5164)
  • We fixed documentation examples for the passwd resource. (#5171)

Bug Fixes

  • We fixed a bug where failure messages would always end with [TRUNCATED] if truncation was enabled. This meant that you would even get the truncation text even if your message was short enough to begin with. (#5165)

Chef InSpec 4.22.1

Bug Fixes

  • Chef InSpec’s Chef Habitat builds for Linux no longer executes with a PATH that includes build dependency directories. (#5148)

Chef InSpec 4.22.0

New Features

  • Chef InSpec reports the profile as “failed” instead of immediately terminating when a runtime error occurs during loading. (#5128)

Improvements

  • The service resource features an update in preparation for the macOS Big Sur 11 release. (#5130)

Bug Fixes

  • The = character’s presence in a CLI input no longer truncates the value passed to Chef InSpec. (#5135)
  • The apt resource skips unsupported apt-cdrom repositories when parsing lists. (#5138)

Chef InSpec 4.21.3

Bug Fixes

  • Less Static: Chef InSpec logging entries no longer appear in the html2 reporter output.

Chef InSpec 4.21.1

New Features

  • Clark Kent: New html2 reporter now available! The html2 reporter shows all the data from your Chef InSpec run and even allows you to customize your report formatting with custom JavaScript and CSS options. At a later date, the html2 reporter will replace the current rspec-based html reporter.

Improvements

  • Check It Out!: The interface resource features several improvements:
    • The resource supports macOS and FreeBSD
    • The resource includes a pluralized interfaces to query multiple interfaces
    • New ipv4_address and ipv6_address properties return the primary IP address for an interface

Bug Fixes

  • Better Performance: Chef InSpec no longer reopens a new SSH connection for each command when targeting hosts over SSH.

Chef InSpec 4.20.10

Bug Fixes

  • Chef InSpec works again with tools that depend on the inspec Ruby gem, which fixes a bug in the 4.20.6 release.

Chef InSpec 4.20.6

Bug Fixes

  • Certain substrings within a .toml file no longer cause unexpected crashes.

Chef InSpec 4.20.2

Improvements

  • Accurate InSpec CLI input parsing for numeric values and structured data, which were previously treated as strings. Numeric values are cast to an integer or float; YAML or JSON structures are converted to a hash or an array.
  • Suppress deprecation warnings on inspec exec with the --silence-deprecations option.
  • Expanded only_ifdocumentation.

Bug Fixes

  • Fixed an issue in testing for file existence on Solaris 10.

Chef InSpec 4.19.2

New Features

  • Check out our new x86_64 and aarch64 packages for Amazon Linux.
  • We added aarch64 packages for RedHat.

Bug Fixes

  • We restored Chef InSpec to work on Microsoft Windows after a build issue.

Chef InSpec 4.19.0

New Features

  • In Your Hands: Develop your own Chef InSpec Reporter plugin and determine how Chef InSpec will report result data. Learn more about Chef Inspec plugins and implementation in our documentation.
  • Easier Form: The inspec archive command packs your profile into a tar.gz file that includes the profile in JSON form as the inspec.json file. Use this JSON file to programmatically examine the profile without needing to load it into Chef InSpec.

Improvements

  • More Dates: Chef InSpec accepts a variety of date formats in the waivers.yaml configuration file, rather than only the YYYY-MM-DD format.

Chef InSpec 4.18.114

New Features

  • Use the new inspec command options to control the size of reports:
    • --reporter-message-truncation sets a length limit for the message field in test failure report data.
    • --reporter-backtrace-inclusion determines if Ruby backtraces should be included in test failure report data.

Chef InSpec 4.18.111

Bug Fixes

  • Not a Blocker: Chef InSpec allows an input and a control to have the same name.
  • Clarity: Inputs with a value passed by the user and no default value no longer cause incorrect “Input does not have a value” warnings.

Chef InSpec 4.18.108

Improvements

  • Troubleshooting Help: inspec compliance logs if an error occurs when connecting to a Chef Automate instance.

Chef InSpec 4.18.104

New Features

  • Time Is Time: The search and install CLI commands now accept a --source option that allows a gem package source other than RubyGems.org.

Improvements

  • You Make My Dreams: The virtualization resource supports expanded detection of VMware, Hyper-V, VirtualBox, KVM and Xen hypervisors, and includes virtual_system? and physical_system? helper methods.

Bug Fixes

  • Tell It Like It Is: The service resource correctly detects Windows hosts.

Chef InSpec 4.18.100

Bug Fixes

  • We fixed a problem in which the sudo password would appear to be ignored even if provided.
  • We resolved an issue in which profiles could not be fetched from an Automate server.
  • The release property of the platform resource no longer breaks for Chef Habitat with Linux.

Chef InSpec 4.18.97

Bug Fixes

  • Fixed an issue in which custom resources in resource packs could not be created.

Chef InSpec 4.18.85

New Features

  • Read SSL certificate contents from files or the content that you provide. Thank you to @frezbo for this new feature!
  • The archive command includes an --airgap mode, which allows it to re-package archives with remote dependencies and not fail.
  • Improve your resource debugging experience with the new --inspect option for the inspec shell command.
  • The service resource features new support for yocto-based linux distributions. Thank you to @michaellihs for this addition!
  • The package resource now includes support for FreeBSD. Thank you to @fzipi for this work!

Improvements

  • Our macOS packaging is compatible with macOS Catalina. For more information, see our recent blog post.
  • The ControlEvalContext, LibraryEvalContext, and Resource classes experienced removal of most meta-programming.
  • We standardized the platform for the etc_hosts, virtualization, ini, and xml resources.

Bug Fixes

  • The name of the option --winrm-basic-auth-only correctly matches the option provided by train. Thanks @shawnifoley for this fix!
  • The oracledb_session resource works again due to a missing quote fix.
  • command.exist? now conforms to POSIX standards. Thanks to @PiQuer!
  • Errors with bad tarball files will properly report.
  • The groups resource on macOS no longer reports duplicates anymore.
  • The JSON reporter’s attributes array will not remain empty. Thanks @nazliBeit for your contribution!
  • Changed the postfix_conf resource’s supported platform to the broader unix. Thank you to @fzipi for this fix!

Chef InSpec 4.18.51

Improvements

  • Readable: A message appears to the user when fetching a profile fails, instead of a wordy stack trace.
  • New Standard: Updating to rspec 3.9 means that output on failures changes from “X should be Y” to “X is expected to be Y”.
  • No More Sign-in Sheet: The WindowsUser resource now tests for the user’s last login date. Thank you @mbaitelman for your contribution!
  • Transformed: Wired up control blocks to use resources.

Bug Fixes

  • Future Proofing: Compatibility fixes added in preparation for ruby 2.7.
  • Logging at Last: Fixed inspec detect so the --log-level=<level> command works properly.

Backward Incompatibilities

  • Technical Adjustment: Moved lib/fetchers to lib/inspec/fetcher and re-namespaced accordingly.

Chef InSpec 4.18.39

Bug Fixes

  • Expansion: You can now use inputs in describe.one blocks.
  • Customize Today: The npm resource now works with a custom path on Windows.
  • Wait, There’s More: The npm resource now works under sudo on Unix.
  • Translation: Fixed handling of text files within profiles on Windows by using UTF-8 encoding and converting newlines.
  • Yay!: The gem resource works again.
  • Decoder Ring: The apt resource now properly parses config files with an architecture specifier.

Chef InSpec 4.18.38

This release does not have any release notes.

Chef InSpec 4.18.24

This release does not have any release notes.

Chef InSpec 4.18.0

New Features

  • Exceptional: Use Waivers to mark controls as being administratively expected to fail.

Improvements

  • What Do You Call…?: The interface resource now has a name property.
  • Dazed and Conf-user-ed: Expanded user resource to include the passwordage, maxbadpasswords, and badpasswordattempts properties with Windows.

Bug Fixes

  • Repaired: Fixed a regression in which most RSpec-based matchers were broken.
  • Understandable: The apt resources now correctly parse quoted repository addresses.
  • Back In Action: inspec env works again, instead of erroneously stacktracing.

Chef InSpec 4.17.17

Bug Fixes

  • Dynamically loaded resources work again in describe.one blocks.
  • You can use only_if blocks on non-OS platforms, such as cloud providers.

Chef InSpec 4.17.15

Bug Fixes

Fixed two bugs introduced in yesterday’s release:

  • Vision Quest: The new resource loader sees all the resources.
  • Test Prep: RSpec test DSL uses InSpec lazy resource loading correctly.

Chef InSpec 4.17.14

Bug Fixes

Fixed two bugs introduced in yesterday’s release:

  • Vision Quest: The new resource loader sees all the resources.
  • Test Prep: RSpec test DSL uses InSpec lazy resource loading correctly.

Chef InSpec 4.17.11

Bug Fixes

Fixed two bugs introduced in yesterday’s release:

  • Vision Quest: The new resource loader sees all the resources.
  • Test Prep: RSpec test DSL uses InSpec lazy resource loading correctly.

Chef InSpec 4.17.7

New Features

  • Choice: The sys_info resource now supports ip_address, fqdn, domain, and short options when giving a version of the hostname.
  • Boom!: We have released our beta Chef InSpec plug-in for HashiCorp Vault. Check it out in our inspec-vault GitHub repo and let us know what you think – or better yet, start jumping in and contributing with us on it.
  • Also: Waivers, our new beta feature, was added to InSpec! Waivers allows you to better manage compliance failures. We would love to hear your feedback on this! See our documentation for more details.

Improvements

  • Accelerate: Sped up initial load/response time for all commands by removing pre-leading of resources on invocation of inspec.
  • Better Debugging: If an error occurs when using the json resource with a command source, you will now get the error message from STDERR returned in the report.
  • Makeover: We improved the formatting of the usage help, so what you see when you type inspec exec --help should look better!

Bug Fixes

  • Squashed: We fixed a bug on sys_info, etc_hosts, and several other resources, which would cause a ConversionError stacktrace when used in a describe block. This bug would not occur when used as an information gathering call, such as sys_info.manufacturer.
  • Compressed: Resolved encoding issues with the JSON reporter and .tar.gz profiles.
  • Clear Expression: Fixed a deprecation warning on the apt resource when using the =~ operator with false.
  • Locating: Improved how the postfix_conf resource handles a non-standard config location.
  • Remake: Refactored activator plugin to be more idiomatic.
  • Excerpt: Resolved quoting issues with the mssql_session resource.
  • Loaded: Fixed Plugin loader to check for the inspec-core gem if the inspec gem is not found, and to fail gracefully otherwise.

Chef InSpec 4.17.6

This release does not have any release notes.

Chef InSpec 4.16.0

New Features

  • One’s Option: inspec exec now supports a new CLI option, --input name=value, which allows you to set an Input directly on the command line. While YAML files are still more practical and recommended for large numbers of inputs, use the --input option to set just one or two.
  • Mail Me Maybe: Manage your Postfix mail transfer agent configurations with its new available resource. Thank you to @dmgasper for this!
  • Slowly but Surely: InSpec now is ready to accept the input option from the audit cookbook and the kitchen-inspec plugin. This is another step on the journey of renaming ‘attributes’ to ‘inputs’! You can use this immediately with kitchen-inspec, and stay tuned for the audit cookbook update!
  • All in One Place: InSpec and Train plugins may now store configuration data in the user configuration file at ~/.inspec/config.json. This change allows plugins to store things like authentication tokens, service discovery addresses, or other information in one place. Plugins are not required to use the configuration file, but it is one option.

Improvements

  • Check It Out!: We improved the output of inspec plugin list:
    • The output is now in a table format and includes built-in plugins
    • Installed plugins now display their versions
    • Filter which plugins to list via new CLI options
    • See inspec plugin list -h for more information
  • Heads Up: The inspec check command will now issue a warning if the inspec_version constraint in a profile cannot be satisfied by the current version of InSpec running it.

Bug Fixes

  • Entirely Set: Resources were not fully initialized in some cases, which lead to broken messaging during reporting, but we fixed this.

Chef InSpec 4.12.0

New Features

  • Who’s Who: The service resource now has a startuser property, which lets you examine the username that started the service.

Bug Fixes

  • Comma Fix: Looks like we had some syntax errors in our examples in the documentation for the wmi resource, which Jeff Brimager pointed out. A few commas later and all is well!
  • Pluralization Matters: Another typo was fixed in the umask example.
  • Present and Accounted: On MacOS, the group resource was not working correctly as it under-reported membership. That has been fixed. So if you are on MacOS, you are now a staff member. Congratulations!

Backward Incompatibilities

  • No Longer Available: We have dropped support for SUSE Linux Enterprise Server (SLES) 11, which was EOL’d as of March 31, 2019.
  • Tidying Up: The inspec-core gem, a distribution with fewer dependencies and no need for compilers, will no longer include WinRM functionality. This change does not impact most users of Chef InSpec, only those who use the specialized inspec-core version. If you need WinRM functionality, install the train-winrm gem, but please note that winrm support requires a compiler to install.

Chef InSpec 4.11.3

This release does not have any release notes.

Chef InSpec 4.10.4

New Features

  • Structure Enhancement: The Habitat plugin now uses scaffolding, which allows users to follow current best practices. When you run inspec habitat profile create now, the templates will be sourced from the Habitat scaffolding for InSpec rather than the older unmaintained templates in Chef InSpec itself.

Improvements

  • Finally!: Relative path support added for specifying a path to a profile in a Git repo. This means that you can organize multiple profiles into one git repo, and select an individual profile from any subdirectory in the git repo.
  • Simmer Down: inspec version no longer checks and reports against rubygems.org versions. The version check no longer talks on the network. This makes the version check much faster, less likely to cause a failure under CI, and also less surprising behavior.

Bug Fixes

  • More than One: The windows_task resource now handles multiple triggers.

Chef InSpec 4.7.24

New Features

  • Sweet: The sys_info resource features two new properties - manufacturer and model - which let you determine information about the hardware being inspected.

Improvements

  • Lights Out: The service resource no longer issues a deprecation warning when the should be_running matcher is used. There are no plans to remove this matcher in the foreseeable future. Thank you to users for their feedback on this!

Bug Fixes

  • The Need For Speed: When installing plugins, the installer no longer tries to extract documentation from the underlying libraries, a process which usually failed in the past. This change makes plugin installation much faster, more stable, and requires less disk space.
  • Painted: Chef InSpec properly handles and reports exceptions with mutually incompatible resources and transports. For example: Using a file resource on the aws transport.

Chef InSpec 4.7.18

Improvements

  • For inspec-aws users, the release process for the inspec-aws resource pack changed:

This release begins the full naming convention of the inspec-aws project at 1.0.1. No breaking changes are present. To date, the project has been unversioned with many releases labeled as version 0.1.0 in the inspec.yml, so we are starting fresh at 1.0.0.

Because inspec-aws has critical gem dependencies on Chef InSpec, it is important to use a version of inspec-aws that is compatible with a minimum version of Chef InSpec. This release requires Chef InSpec 4.7.x, and is likely to work with Chef InSpec 4.x.

Chef InSpec 4.7.3

This release does not have any release notes.

Chef InSpec 4.6.9

This release does not have any release notes.

Chef InSpec 4.6.4

This release does not have any release notes.

Chef InSpec 4.6.3

This release does not have any release notes.

Chef InSpec 4.3.2

This release does not have any release notes.

Chef InSpec 3.9.3

This release does not have any release notes.

Chef InSpec 3.9.0

This release does not have any release notes.

Chef InSpec 3.7.11

This release does not have any release notes.

Chef InSpec 3.7.1

This release does not have any release notes.

Chef InSpec 3.6.6

This release does not have any release notes.

Chef InSpec 3.6.4

This release does not have any release notes.

Chef InSpec 3.6.2

This release does not have any release notes.

Chef InSpec 3.5.0

This release does not have any release notes.

Chef InSpec 3.4.1

This release does not have any release notes.

Chef InSpec 3.3.14

This release does not have any release notes.

Chef InSpec 3.2.6

This release does not have any release notes.

Chef InSpec 3.1.3

This release does not have any release notes.

Chef InSpec 3.0.64

This release does not have any release notes.

Chef InSpec 3.0.61

This release does not have any release notes.

Chef InSpec 3.0.52

This release does not have any release notes.

Chef InSpec 3.0.46

This release does not have any release notes.

Chef InSpec 3.0.25

This release does not have any release notes.

Chef InSpec 3.0.12

This release does not have any release notes.

Chef InSpec 3.0.9

This release does not have any release notes.

Chef InSpec 3.0.0

This release does not have any release notes.

Chef InSpec 2.3.28

This release does not have any release notes.

Chef InSpec 2.3.24

This release does not have any release notes.

Chef InSpec 2.3.23

This release does not have any release notes.

Chef InSpec 2.3.10

This release does not have any release notes.

Chef InSpec 2.3.5

This release does not have any release notes.

Chef InSpec 2.3.4

This release does not have any release notes.

Chef InSpec 2.2.112

This release does not have any release notes.

Chef InSpec 2.2.102

This release does not have any release notes.

Chef InSpec 2.2.101

This release does not have any release notes.

Chef InSpec 2.2.78

This release does not have any release notes.

Chef InSpec 2.2.70

This release does not have any release notes.

Chef InSpec 2.2.64

This release does not have any release notes.

Chef InSpec 2.2.61

This release does not have any release notes.

Chef InSpec 2.2.55

This release does not have any release notes.

Chef InSpec 2.2.54

This release does not have any release notes.

Chef InSpec 2.2.50

This release does not have any release notes.

Chef InSpec 2.2.41

This release does not have any release notes.

Chef InSpec 2.2.35

This release does not have any release notes.

Chef InSpec 2.2.34

This release does not have any release notes.

Chef InSpec 2.2.27

This release does not have any release notes.

Chef InSpec 2.2.20

This release does not have any release notes.

Chef InSpec 2.2.16

This release does not have any release notes.

Chef InSpec 2.2.10

This release does not have any release notes.

Chef InSpec 2.1.84

This release does not have any release notes.

Chef InSpec 2.1.83

This release does not have any release notes.

Chef InSpec 2.1.81

This release does not have any release notes.

Chef InSpec 2.1.80

This release does not have any release notes.

Chef InSpec 2.1.78

This release does not have any release notes.

Chef InSpec 2.1.72

This release does not have any release notes.

Chef InSpec 2.1.68

This release does not have any release notes.

Chef InSpec 2.1.67

This release does not have any release notes.

Chef InSpec 2.1.59

This release does not have any release notes.

Chef InSpec 2.1.54

This release does not have any release notes.

Chef InSpec 2.1.43

This release does not have any release notes.

Chef InSpec 2.1.30

This release does not have any release notes.

Chef InSpec 2.1.21

This release does not have any release notes.

Chef InSpec 2.1.10

This release does not have any release notes.

Chef InSpec 2.1.0

This release does not have any release notes.

Chef InSpec 2.0.45

This release does not have any release notes.

Chef InSpec 2.0.32

This release does not have any release notes.

Chef InSpec 2.0.17

This release does not have any release notes.

Chef InSpec 2.0.16

This release does not have any release notes.

Chef InSpec 1.51.31

This release does not have any release notes.

Chef InSpec 1.51.25

This release does not have any release notes.

Chef InSpec 1.51.21

This release does not have any release notes.

Chef InSpec 1.51.18

This release does not have any release notes.

Chef InSpec 1.51.15

This release does not have any release notes.

Chef InSpec 1.51.6

This release does not have any release notes.

Chef InSpec 1.51.0

This release does not have any release notes.

Chef InSpec 1.50.1

This release does not have any release notes.

Chef InSpec 1.49.2

This release does not have any release notes.

Chef InSpec 1.48.0

This release does not have any release notes.

Chef InSpec 1.47.0

This release does not have any release notes.

Chef InSpec 1.46.2

This release does not have any release notes.

Chef InSpec 1.45.13

This release does not have any release notes.

Chef InSpec 1.45.9

This release does not have any release notes.

Chef InSpec 1.44.8

This release does not have any release notes.

Chef InSpec 1.43.8

This release does not have any release notes.

Chef InSpec 1.43.5

This release does not have any release notes.

Chef InSpec 1.42.3

This release does not have any release notes.

Chef InSpec 1.41.0

This release does not have any release notes.

Chef InSpec 1.40.0

This release does not have any release notes.

Chef InSpec 1.39.1

This release does not have any release notes.

Chef InSpec 1.38.8

This release does not have any release notes.

Chef InSpec 1.37.6

This release does not have any release notes.

Chef InSpec 1.36.1

This release does not have any release notes.

Chef InSpec 1.35.1

This release does not have any release notes.

Chef InSpec 1.34.1

This release does not have any release notes.

Chef InSpec 1.33.12

This release does not have any release notes.

Chef InSpec 1.33.1

This release does not have any release notes.

Chef InSpec 1.32.1

This release does not have any release notes.

Chef InSpec 1.31.1

This release does not have any release notes.

Chef InSpec 1.31.0

This release does not have any release notes.

Chef InSpec 1.30.0

This release does not have any release notes.

Chef InSpec 1.29.0

This release does not have any release notes.

Chef InSpec 1.28.1

This release does not have any release notes.

Chef InSpec 1.28.0

This release does not have any release notes.

Chef InSpec 1.27.0

This release does not have any release notes.

Chef InSpec 1.26.0

This release does not have any release notes.

Chef InSpec 1.25.1

This release does not have any release notes.

Chef InSpec 1.25.0

This release does not have any release notes.

Chef InSpec 1.24.0

This release does not have any release notes.

Chef InSpec 1.23.0

This release does not have any release notes.

Chef InSpec 1.22.0

This release does not have any release notes.

Chef InSpec 1.21.0

This release does not have any release notes.

Chef InSpec 1.20.0

This release does not have any release notes.

Chef InSpec 1.19.2

This release does not have any release notes.

Chef InSpec 1.19.1

This release does not have any release notes.

Chef InSpec 1.19.0

This release does not have any release notes.

Chef InSpec 1.18.0

This release does not have any release notes.

Chef InSpec 1.17.0

This release does not have any release notes.

Chef InSpec 1.16.1

This release does not have any release notes.

Chef InSpec 1.15.0

This release does not have any release notes.

Chef InSpec 1.14.1

This release does not have any release notes.

Chef InSpec 1.7.1

This release does not have any release notes.

Chef InSpec 1.6.0

This release does not have any release notes.

Chef InSpec 1.5.0

This release does not have any release notes.

Chef InSpec 1.4.1

This release does not have any release notes.

Chef InSpec 1.3.0

This release does not have any release notes.

Chef InSpec 1.0.0

This release does not have any release notes.

Thank you for your feedback!

×









Search Results