@predominant
Created July 16, 2020 01:09
Notes regarding a "next generation" implementation of Chef InSpec scaffolding for Chef Habitat.

Scaffolding vNext

Motivation

The current scaffolding works really well.

Improving and rearchitecting the current scaffolding would allow for greater flexibility, visibility and customization in profile use and reporting.

Goals

  • Every profile is a Habitat artifact
  • Every profile/artifact can be run stand-alone as a once-off run, or as a service with all the benefits of package subscription and automatic updating that Habitat provides
  • Every profile employed in a scan is reported separately (specified individually on the inspec exec command line)
  • Leverage Habitat for profile dependencies

Nice to have

  • Maintain the list of profiles to be run in a single location
  • Minimal (if any) changes required to existing InSpec profiles

Notes

Graham

  • We need to retain the ability to modify profiles (e.g. setting custom scores)
  • We need to ensure waivers are intelligently managed, either in-artifact or injectable some time later (during run, with configuration?)

Matt

  • Potentially use inputs to define scores/custom values, with defaults in the profile itself.
@predominant

We don't have to do every profile as a Habitat package, but if we do, we can do reverse dep builds. If Profile A depends on B, A can be rebuilt when a new stable of B is made available. Stretch goal?