Last month, I spoke at the The Bay Area Chef Meetup, hosted by long time #ChefFriends, Wealthfront. They shared their Chef development process beginning with local dev, using Test Kitchen, all the way through their automated testing pipeline. There were also a lot of great discussions about test driven development practices. You can learn more about Chef’s approach to TDD by watching this on-demand webinar.
I gave a presentation and demo of InSpec as part of a high-velocity workflow. InSpec is Chef’s open source project for compliance and integration testing with a human-and machine-readable language for specifying policy requirements. The slides can be downloaded here.
Using a combination of command-line and remote-execution tools, InSpec aligns security and compliance guidelines on an ongoing basis, rather than waiting to remediate after arduous annual audits. InSpec is open source, which makes it a key tool choice for incorporating security into a complete continuous delivery workflow, irrespective of configuration management tools. This reduces the risk of new features and releases breaking established security guidelines.
To get hands on with InSpec, find an event near you or try these tutorials.
A big thank you to Wealthfront for hosting this Meetup.