This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
View analytic
Friday, May 12 • 15:10 - 15:35
DevSec: Continuous Patch and Security Assessment with InSpec - Christoph Hartmann (Germany)

Sign up or log in to save this to your schedule and see who's attending!

Feedback form is now closed.
Best-practices for server hardening and patching have been in place for decades. Nevertheless, it is still very cumbersome to enforce those rules continuously and many servers are still unsecured in 2016. DevOps tools like Chef, Puppet or Ansible help to enforce secure configuration, but they cannot fully assess a state of a machine e.g. you cannot easily verify if something is not installed.

InSpec is here to help. It is an open source tool for infrastructure, security and compliance testing. InSpec's DSL is a human and machine-readable assessment language that is extendable and customizable. Since testing can be fully automated with InSpec, companies are enabled to assess and enforce secure configuration across their IT fleet. Integration with CI/CD systems allows continuous testing in high-velocity organizations.

This talk will give an introduction to InSpec and demonstrate how patch and security level can be assessed in CI/CD and production environments.

avatar for Christoph Hartmann

Christoph Hartmann

Christoph Hartmann is a lead engineer at Chef and a founder who spent the last decade building complex software and infrastructure systems. Previously, Christoph was responsible for automation at the innovation laboratory at Deutsche Telekom and created effective solutions managi... Read More →

Friday May 12, 2017 15:10 - 15:35
Waterfront Center: Hall 2A

Attendees (36)