About Chef InSpec Profiles

A Chef InSpec profile organizes multiple controls into a reusable artifact that can be described and versioned. Each profile is a standalone structure with its own distribution and execution flow.

Chef InSpec supports complex test and compliance profiles, which organize controls to support dependency management and code reuse.

For hands-on examples, check out Test Expectations with Chef InSpec on Learn Chef to learn more about how profiles are structured.

Initialize a new profile

Use the InSpec CLI to generate a new profile.

inspec init profile <PROFILE NAME>

Platforms

You can an initialize profiles that are configured for Google Cloud, Azure, or AWS using the --platform option.

inspec init profile --platform <PLATFORM> <PROFILE NAME>

Replace:

<PROFILE NAME> with the name of your profile
<PLATFORM> with one of the following:
- aws
- azure
- gcp

Profile structure

A profile has following structure:

profile
├── README.md
├── controls
│   ├── example.rb
│   └── control_etc.rb
├── libraries
│   └── extension.rb
|── files
│   └── extras.conf
└── inspec.yml

inspec.yml: The inspec.yml file describes the profile.
Required
controls: The controls directory contains all tests.
Required
libraries: The libraries directory contains all Chef InSpec resource extensions.
Optional
files: The files directory contains additional files that a profile can access.
Optional
README.md: The README.md explains the profile, its scope, and usage.
Optional

Verify profiles

Use the inspec check command to verify the implementation of a profile:

inspec check examples/profile

Execute a profile

Use the exec subcommand to execute a profile.

inspec exec <PROFILE>

inspec exec accepts profiles from several sources, including a local directory, Git repositories, and web-hosted tar files. See the inspec exec documentation for more information.

You can format the results of an audit using InSpec reporters.

Example profiles

See the inspec repository for some example profiles.