audit (74) Versions 7.2.0

Allows for fetching and executing compliance profiles, and reporting their results

Policyfile: cookbook 'audit', '= 7.2.0', :supermarket
Berkshelf: cookbook 'audit', '= 7.2.0'
Knife: knife supermarket install audit
Knife: knife supermarket download audit
audit cookbook

The audit cookbook allows you to run InSpec profiles as part of a Chef Client run. It downloads configured profiles from various sources like Chef Automate, Chef Supermarket or Git and reports audit runs to Chef Automate.

Quickstart

The audit cookbook supports a number of different reporters and fetchers which can be confusing. Please see the supported configurations documentation which has a few copy/paste examples to get you started quickly.

Requirements

Chef

  • Chef Client >=12.5.1

Support Matrix

Chef Automate

| Automate version | InSpec version | Audit Cookbook version |
|---|---|---|
| < 0.8.0 | ≤ 1.23.0 | ≤ 3.1.0 |
| ≥ 0.8.0 | ≥ 1.24.0 | ≥ 4.0.0 |

Chef Compliance

| Chef Compliance version | InSpec version | Audit Cookbook version |
|---|---|---|
| ≤ 1.1.23 | = 0.20.1 | = 0.7.0 |
| > 1.1.23 | ≥ 0.22.1 | = 0.8.0 |
| ≥ 1.6.8 | ≥ 1.2.0 | > 1.0.2 |

Deprecation Note:

Please use reporter instead of collector attribute

With version 3.1.0 the use of the collector attribute is deprecated. Please use reporter instead. The collector attribute will be removed in the next major version.

default['audit']['collector'] = 'chef-server-compliance'

becomes:

default['audit']['reporter'] = 'chef-server-compliance'

Use chef-server-automate and chef-automate instead of chef-server-visibility and chef-visibility

With version 3.1.0 the reporter attribute deprecates the values chef-server-visibility and chef-visibility. They have been renamed:

  • chef-server-visibility => chef-server-automate
  • chef-visibility => chef-automate

The support for values chef-server-visibility and chef-visibility will be removed in the next major version.

Overview

Component Architecture

 ┌──────────────────────┐    ┌──────────────────────┐    ┌─────────────────────┐
 │     Chef Client      │    │   Chef Server Proxy  │    │   Chef Compliance   │
 │                      │    │      (optional)      │    │   or Chef Automate  │
 │ ┌──────────────────┐ │    │                      │    │                     │
 │ │                  │◀┼────┼──────────────────────┼────│  Profiles           │
 │ │  audit cookbook  │ │    │                      │    │                     │
 │ │                  │─┼────┼──────────────────────┼───▶│  Reports            │
 │ └──────────────────┘ │    │                      │    │                     │
 │                      │    │                      │    │                     │
 └──────────────────────┘    └──────────────────────┘    └─────────────────────┘

InSpec Profiles can be hosted from a variety of locations:

 ┌──────────────────────┐                                ┌─────────────────────┐
 │     Chef Client      │     ┌───────────────────────┐  │   Chef Compliance   │
 │                      │  ┌──│ Profiles(Supermarket, │  │   or Chef Automate  │
 │ ┌──────────────────┐ │  │  │ Github, local, etc)   │  │                     │
 │ │                  │◀┼──┘  └───────────────────────┘  │                     │
 │ │  audit cookbook  │◀┼────────────────────────────────│  Profiles           │
 │ │                  │─┼───────────────────────────────▶│  Reports            │
 │ └──────────────────┘ │                                │                     │
 │                      │                                │                     │
 └──────────────────────┘                                └─────────────────────┘

Usage

The audit cookbook needs to be configured for each node where the chef-client runs. The audit cookbook can be reused for all nodes; all node-specific configuration is done via Chef attributes.

InSpec Gem Installation

Beginning with version 3.x of the audit cookbook, the cookbook will first check to see if InSpec is already installed. If it is, it will not attempt to install it. Future releases of the Chef omnibus package are expected to include InSpec so this will reduce audit run times and also ensure that Chef users in air-gapped or firewalled environments can still use the audit cookbook without requiring gem mirrors, etc.

Also beginning with version 3.x of the audit cookbook, the default version of the InSpec gem to be installed (if it isn't already installed) is the latest version. Prior versions of the audit cookbook were version-locked to inspec version 1.15.0.

To install a different version of the InSpec gem, or to force installation of the gem, set the node['audit']['inspec_version'] attribute to the version you wish to be installed.

Note on AIX Support:

  • InSpec is only supported via the bundled InSpec gem shipped with version >= 13 of the chef-client package.
  • Standalone InSpec gem installation or upgrade is not supported.
  • The default nil value of node['audit']['inspec_version'] will ensure the above behavior is adhered to.

Configure node

Once the cookbook is available in Chef Server, you need to add the audit::default recipe to the run-list of each node. The profiles are selected using the node['audit']['profiles'] attribute. A list of example configurations is documented in [Supported Configurations](docs/supported_configuration.md). Below are some other examples:

default['audit']['reporter'] = 'chef-server-compliance'

# Omit this to use the latest InSpec
default['audit']['inspec_version'] = '1.29.0'

# You may use an array of hashes (shown here) or hash of hashes (shown below)
default['audit']['profiles'].push(
    # Profile from Chef Compliance
    {
      'name': 'linux',
      'compliance': 'base/linux'
    },
    # Profile from Chef Compliance at a particular version
    {
      'name': 'linux-baseline',
      'compliance': 'user/linux-baseline',
      'version': '2.1.0'
    },
    # Profile from Supermarket
    # note: If reporting to Compliance, first upload the Supermarket profile to Chef Compliance.
    # note: Artifactory's Supermarket implementation—"Chef Cookbook repository"—does not support InSpec compliance profiles at this time
    {
      'name': 'ssh',
      'supermarket': 'hardening/ssh-hardening'
    },
    # Profile from local Windows path
    {
      'name': 'brewinc/win2012_audit',
      # filesystem path
      'path': 'E:/profiles/win2012_audit'
    },
    # Profile from GitHub
    {
      'name': 'ssl',
      'git': 'https://github.com/dev-sec/ssl-benchmark.git'
    },
    # Profile from URL
    {
      'name': 'ssh',
      'url': 'https://github.com/dev-sec/tests-ssh-hardening/archive/master.zip'
    }
)

You may prefer to use a hash of hashes for node['audit']['profiles'] when you are merging attributes from multiple sources. Policyfiles do not merge arrays, so with Policyfile includes the hash form lets each Policyfile append additional profiles.

# Hash of hashes, works with Policyfile includes
default['audit']['profiles']['linux'] = { 'compliance': 'base/linux' }
default['audit']['profiles']['linux-baseline'] = { 'compliance': 'user/linux-baseline', 'version': '2.1.0' }
default['audit']['profiles']['ssh'] = { 'supermarket': 'hardening/ssh-hardening' }
default['audit']['profiles']['brewinc/win2012_audit'] = { 'path': 'E:/profiles/win2012_audit' }
default['audit']['profiles']['ssl'] = { 'git': 'https://github.com/dev-sec/ssl-benchmark.git' }
default['audit']['profiles']['ssh2'] = { 'url': 'https://github.com/dev-sec/tests-ssh-hardening/archive/master.zip' }
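
The following is an added example, not code from the audit cookbook or its README. It takes either profile form shown above as plain Ruby data, converts the array form to the hash-of-hashes form while reporting name collisions (the array example names two profiles 'ssh', which a hash cannot hold, hence 'ssh2' above), and flags entries without exactly one source key or with a git/url source on http:// or git://. The function names and the sample entries 'internal' and 'broken' are made up for illustration.

```ruby
require 'uri'

# Source keys used in the README's profile examples.
SOURCE_KEYS = %w[compliance supermarket path git url].freeze

# The README writes 'name': 'linux', which Ruby parses as a symbol key.
def stringify_keys(hash)
  hash.each_with_object({}) { |(k, v), out| out[k.to_s] = v }
end

# Either profile form -> list of [name, settings] pairs.
def profile_entries(profiles)
  case profiles
  when Array
    profiles.map do |profile|
      profile = stringify_keys(profile)
      [profile['name'].to_s, profile.reject { |k, _| k == 'name' }]
    end
  when Hash
    profiles.map { |name, settings| [name.to_s, stringify_keys(settings)] }
  else
    raise ArgumentError, "profiles must be an Array or a Hash, got #{profiles.class}"
  end
end

# Build the hash-of-hashes form. A hash cannot hold two profiles with the same
# name, so the first entry wins and later duplicates are returned separately.
def to_hash_of_hashes(profiles)
  merged = {}
  collisions = []
  profile_entries(profiles).each do |name, settings|
    if merged.key?(name)
      collisions << name
    else
      merged[name] = settings
    end
  end
  [merged, collisions.uniq]
end

# Flag entries without exactly one source key, and git/url sources fetched
# over an unauthenticated, unencrypted transport (http:// or git://).
def review_sources(profiles)
  findings = []
  profile_entries(profiles).each do |name, settings|
    sources = SOURCE_KEYS & settings.keys
    unless sources.length == 1
      findings << [name, "expected exactly one source key, found #{sources.length}"]
      next
    end
    key = sources.first
    next unless %w[git url].include?(key)

    scheme = begin
      URI.parse(settings[key].to_s).scheme
    rescue URI::InvalidURIError
      nil # e.g. scp-style git@host:path; not judged here
    end
    findings << [name, "#{key} source uses #{scheme}://"] if %w[http git].include?(scheme)
  end
  findings
end

# Constructed sample: four entries from the README plus two made-up ones.
SAMPLE_PROFILES = [
  { 'name': 'linux', 'compliance': 'base/linux' },
  { 'name': 'ssh', 'supermarket': 'hardening/ssh-hardening' },
  { 'name': 'ssl', 'git': 'https://github.com/dev-sec/ssl-benchmark.git' },
  { 'name': 'ssh', 'url': 'https://github.com/dev-sec/tests-ssh-hardening/archive/master.zip' },
  { 'name': 'internal', 'url': 'http://profiles.example.test/internal.tar.gz' }, # made up
  { 'name': 'broken', 'version': '1.0.0' }                                        # made up
].freeze

if __FILE__ == $PROGRAM_NAME
  merged, collisions = to_hash_of_hashes(SAMPLE_PROFILES)
  puts "kept: #{merged.keys.join(', ')}"
  puts "dropped duplicate names: #{collisions.join(', ')}"
  review_sources(SAMPLE_PROFILES).each { |name, msg| puts "#{name}: #{msg}" }
end
```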

Attributes

You can also pass in InSpec Attributes to your audit run. Do this by defining the attributes:

default['audit']['attributes'] = {
  first_attribute: 'some value',
  second_attribute: 'another value',
}

Reporting

Reporting to Chef Automate via Chef Server

To retrieve compliance profiles and report to Chef Automate through Chef Server, set the reporter and profiles attributes.

This requires Chef Client >= 12.16.42, Chef Server version 12.11.1, and Chef Automate 0.6.6 or newer, as well as integration between the Chef Server and Chef Automate. More details here.

To upload profiles, you can use the Automate API or the inspec compliance subcommands (requires InSpec 1.7.2 or newer).

Example attributes for fetching profiles from Automate and reporting to Automate, both via Chef Server:

default['audit']['reporter'] = 'chef-server-automate'
default['audit']['fetcher'] = 'chef-server'
default['audit']['profiles'].push(
  {
    'name': 'my-profile',
    'compliance': 'john/my-profile'
  }
)

Direct reporting to Chef Compliance

To retrieve compliance profiles and report directly to Chef Compliance, set the reporter, server, owner, refresh_token and profiles attributes.

  • reporter - 'chef-compliance' to report to Chef Compliance
  • server - url of Chef Compliance server with /api
  • owner - Chef Compliance user or organization that will receive this scan report
  • refresh_token - refresh token for Chef Compliance API (https://github.com/chef/inspec/issues/690)
    • note: A UI logout revokes the refresh_token. As a workaround, log in once in a private browser session, grab the token, and then close the browser without logging out.
  • insecure - a true value will skip the SSL certificate verification when retrieving the access token. Default value is false

default['audit']['reporter'] = 'chef-compliance'
default['audit']['server'] = 'https://compliance-fqdn/api'
default['audit']['owner'] = 'my-comp-org'
default['audit']['refresh_token'] = '5/4T...g=='
default['audit']['profiles'].push(
  {
    'name': 'windows',
    'compliance': 'base/windows',
  }
)

Instead of a refresh token, it is also possible to use a token that expires 12h after its creation.

default['audit']['reporter'] = 'chef-compliance'
default['audit']['server'] = 'https://compliance-fqdn/api'
default['audit']['owner'] = 'my-comp-org'
default['audit']['token'] = 'eyJ........................YQ'
default['audit']['profiles'].push(
  {
    'name': 'windows',
    'compliance': 'base/windows',
  }
)

Direct reporting to Chef Automate

To report directly to Chef Automate, set the reporter attribute to 'chef-automate' and specify where to fetch the profiles from.

  • insecure - a true value will skip the SSL certificate verification. Default value is false

This method sends the report using the data_collector.server_url and data_collector.token options defined in client.rb. It requires InSpec version 0.27.1 or greater. Further information is available at Chef Docs: Configure a Data Collector token in Chef Automate.

default['audit']['reporter'] = 'chef-automate'
default['audit']['profiles'].push(
  {
    'name': 'brewinc/tmp_compliance_profile',
    'url': 'https://github.com/nathenharvey/tmp_compliance_profile'
  }
)

If you are using a self-signed certificate, please also read how to add the Chef Automate certificate to the trusted_certs directory.

Version compatibility matrix:

| Automate version | InSpec version | Audit Cookbook version |
|---|---|---|
| < 0.8.0 | ≤ 1.23.0 | ≤ 3.1.0 |
| ≥ 0.8.0 | ≥ 1.24.0 | ≥ 4.0.0 |

Compliance report size limitations

The size of the report generated by a compliance scan is influenced by several factors, such as:

  • number of controls and tests in a profile
  • number of profile failures for the node
  • controls metadata (title, description, tags, etc)
  • number of resources (users, processes, etc) that are being tested

Depending on your setup, there are some limits you need to be aware of. A common one is the Chef Server default request size limit (1MB). Exceeding this limit causes the report to be rejected with ERROR: 413 "Request Entity Too Large". For more details about these limits, please refer to [TROUBLESHOOTING.md](TROUBLESHOOTING.md#413-request-entity-too-large).
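
To see which of the factors above dominates a given report, the following added example (not part of the audit cookbook) measures an InSpec JSON report and ranks its controls by serialized size, split into result bytes and metadata bytes. The function names, the default limit of 1,000,000 bytes as a reading of "1MB", and the constructed sample report, which mirrors the profiles/controls/results layout of InSpec's JSON output, are assumptions.

```ruby
require 'json'

# Assumption: the README's "1MB" read as 10^6 bytes; pass limit: to override.
LIMIT_BYTES = 1_000_000

# Rank the controls of an InSpec JSON report by how many bytes they contribute.
def report_size_breakdown(report_json, limit: LIMIT_BYTES, top: 3)
  report = JSON.parse(report_json)
  controls = []
  (report['profiles'] || []).each do |profile|
    (profile['controls'] || []).each do |control|
      results = control['results'] || []
      total = JSON.generate(control).bytesize
      results_bytes = JSON.generate(results).bytesize
      controls << {
        profile: profile['name'],
        control: control['id'],
        bytes: total,
        results_bytes: results_bytes,           # grows with tested resources
        metadata_bytes: total - results_bytes,  # title, desc, tags, ...
        results: results.length,
        failed: results.count { |r| r['status'] == 'failed' }
      }
    end
  end
  size = report_json.bytesize
  {
    total_bytes: size,
    limit_bytes: limit,
    over_limit: size > limit,
    largest: controls.sort_by { |c| -c[:bytes] }.first(top)
  }
end

# Constructed report: one control testing 200 users (5 failing) and one
# small control with a long description.
def constructed_report
  users = (1..200).map do |i|
    { 'status' => i <= 5 ? 'failed' : 'passed',
      'code_desc' => "User user#{i} should exist",
      'message' => i <= 5 ? "expected User user#{i} to exist" : '' }
  end
  JSON.generate({
    'version' => '0.0.0-sample',
    'profiles' => [
      { 'name' => 'sample-baseline',
        'controls' => [
          { 'id' => 'users-01', 'title' => 'Local users', 'desc' => 'd' * 50,
            'results' => users },
          { 'id' => 'ssh-01', 'title' => 'SSH port', 'desc' => 'x' * 400,
            'results' => [{ 'status' => 'passed',
                            'code_desc' => 'Port 22 should be listening' }] }
        ] }
    ]
  })
end

if __FILE__ == $PROGRAM_NAME
  breakdown = report_size_breakdown(constructed_report)
  puts "#{breakdown[:total_bytes]} bytes, over limit: #{breakdown[:over_limit]}"
  breakdown[:largest].each { |c| puts c.inspect }
end
```

For a real run, pass the contents of the file written by the json-file reporter; the payload a server reporter sends can differ in format, so treat the figure as an estimate.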

Write to file on disk

To write the report to a file on disk, simply set the reporter to 'json-file' like so:

default['audit']['reporter'] = 'json-file'
default['audit']['profiles'].push(
  {
    'name': 'admin/ssh2',
    'path': '/some/base_ssh.tar.gz'
  }
)

The resulting file will be written to <chef_cache_path>/cookbooks/audit/inspec-<YYYYMMDDHHMMSS>.json. The path will also be output to the Chef log:

[2017-08-29T00:22:10+00:00] INFO: Reporting to json-file
[2017-08-29T00:22:10+00:00] INFO: Writing report to /opt/kitchen/cache/cookbooks/audit/inspec-20170829002210.json
[2017-08-29T00:22:10+00:00] INFO: Report handlers complete

Multiple Reporters

To enable multiple reporters, simply define multiple reporters with all the necessary information
for each one. For example, to report to chef-compliance and write to json file on disk:

default['audit']['reporter'] = ['chef-server-automate', 'json-file']
default['audit']['profiles'].push(
  {
    'name': 'windows',
    'compliance': 'base/windows'
  }
)

Profile Fetcher

Fetch profiles from Chef Automate/Chef Compliance via Chef Server

To enable reporting to Chef Automate with profiles from Chef Compliance or Chef Automate, you need to have Chef Server integrated with Chef Compliance or Chef Automate. You can then set the fetcher attribute to 'chef-server'.

This allows the audit cookbook to fetch profiles stored in Chef Compliance. For example:

default['audit']['reporter'] = 'chef-server-automate'
default['audit']['fetcher'] = 'chef-server'
default['audit']['profiles'].push(
  {
    'name': 'ssh',
    'compliance': 'base/ssh'
  }
)

Fetch profiles directly from Chef Automate

This method fetches profiles using the data_collector.server_url and data_collector.token options in client.rb. It requires InSpec version 0.27.1 or greater. Further information is available at Chef Docs: Configure a Data Collector token in Chef Automate.

default['audit']['reporter'] = 'chef-automate'
default['audit']['fetcher'] = 'chef-automate'
default['audit']['profiles'].push(
  {
    'name': 'ssh',
    'compliance': 'base/ssh'
  }
)

Profile Upload to Compliance Server

In order to support build cookbook mode, the compliance_profile resource has an upload action that allows uploading a compressed
InSpec compliance profile to the Compliance Server.

Simply include the upload recipe in the run_list, with attribute overrides for the audit hash like so:

default['audit']['server'] = 'https://compliance-server.test/api'
default['audit']['reporter'] = 'chef-compliance'
default['audit']['refresh_token'] = '21/XMEK3...'
default['audit']['profiles'].push(
  {
    'name': 'ssh',
    'compliance': 'base/ssh'
  }
)

Relationship with Chef Audit Mode

The following table compares the Chef Client audit mode with this audit cookbook.

| | audit mode | audit cookbook |
|---|---|---|
| Works with Chef Compliance | No | Yes |
| Execution Engine | Serverspec | InSpec |
| Execute InSpec Compliance Profiles | No | Yes |
| Execute tests embedded in Chef recipes | Yes | No |

Eventually the audit cookbook will replace audit mode. The only drawback is that you will not be able to execute tests in Chef recipes, but since you will be running these tests in production, you will want to have a straightforward, consistent process by which you include these tests throughout your development lifecycle. Within Chef Compliance, this is a profile.

Migrating from audit mode to audit cookbook:

We will improve the migration to ease the process and to reuse existing audit mode tests as much as possible. At this point in time, an existing audit-mode test like:

control_group 'Check SSH Port' do
  control 'SSH' do
    it 'should be listening on port 22' do
      expect(port(22)).to be_listening
    end
  end
end

can be re-written in InSpec as follows:

# rename `control_group` to `control` and use a unique identifier
control "blog-1" do
  title 'Check SSH Port'  # add the title from `control_group`
  # rename the old `control` to `describe`
  describe 'SSH' do
    it 'should be listening on port 22' do
      expect(port(22)).to be_listening
    end
  end
end

or even simplified to:

control "blog-1" do
  title 'SSH should be listening on port 22'
  describe port(22) do
    it { should be_listening }
  end
end

Disabling 'audit mode' in the Chef client

The audit cookbook and Chef's own "Audit Mode" are not compatible due to global state management done by RSpec which is used by both implementations. To prevent unexpected results, the audit cookbook will prevent Chef from continuing if "Audit Mode" is not disabled.

You can use the chef-client cookbook to disable "Audit Mode" on all of your nodes to permit use of the audit cookbook. As an example, when using the chef-client cookbook you can add this configuration to the default_attributes section of a role and add the chef-client cookbook to the run list.

"chef_client": {
  "config": {
    "audit_mode": ":disabled"
  }
},

Interval Settings

If you have long running audit profiles that you don't wish to execute on every chef-client run,
you can enable an interval:

default['audit']['interval']['enabled'] = true
default['audit']['interval']['time'] = 1440 # once a day, the default value

The time attribute is in minutes.

You can enable the interval and set the interval time, along with your desired profiles,
in an environment or role like this:

  "audit": {
    "profiles": [
      {
        "name": "ssh",
        "compliance": "base/ssh"
      },
      {
        "name": "linux",
        "compliance": "base/linux"
      }
    ],
    "interval": {
      "enabled": true,
      "time": 1440
    }
  }

Alternate Source Location for inspec Gem

If you are not able or do not wish to pull the inspec gem from rubygems.org,
you may specify an alternate source using:

# URI to alternate gem source (e.g. http://gems.server.com or filesystem location)
# root of location must host the *specs.4.8.gz source index
default['audit']['inspec_gem_source'] = 'http://internal.gem.server.com/gems'

Please note that all dependencies to the inspec gem must also be hosted in this location.

Using Chef node data

While it is recommended that InSpec profiles should be self-contained and not rely on external data unless
necessary, there are valid use cases where a profile's test may exhibit different behavior depending on
aspects of the node under test.

There are two primary ways to pass Chef data to the InSpec run via the audit cookbook.

Option 1: Explicitly pass necessary data

Any data added to the node['audit']['attributes'] hash will be passed as individual InSpec attributes.
This provides a clean interface between the Chef run and InSpec profile, allowing for easy assignment
of sane default values in the InSpec profile. This method is especially recommended if the InSpec profile
is expected to be used outside of the context of the audit cookbook so it's extra clear to profile
consumers what attributes are necessary.

In a wrapper cookbook or similar, set your Chef attributes:

node.normal['audit']['attributes']['key1'] = 'value1'
node.normal['audit']['attributes']['debug_enabled'] = node['my_cookbook']['debug_enabled']
node.normal['audit']['attributes']['environment'] = node.chef_environment

... and then use them in your InSpec profile:

environment = attribute('environment', description: 'The chef environment for the node', default: 'dev')

control 'debug-disabled-in-production' do
  title 'Debug logs disabled in production'
  desc 'Debug logs contain potentially sensitive information and should not be on in prod.'
  impact 1.0

  describe file('/path/to/my/app/config') do
    its('content') { should_not include "debug=true" }
  end

  only_if { environment == 'production' }
end

Option 2: Use the chef node object

In the event where it is not practical to opt-in to pass certain attributes and data, the audit cookbook will
pass the Chef node object as an InSpec attribute named chef_node.

While this provides the ability to write more flexible profiles, it makes it more difficult to reuse profiles
outside of an audit cookbook run, requiring the profile user to know how to pass in a single attribute containing
Chef-like data. Therefore, it is recommended to use Option 1 whenever possible.

To use this option, first enable it in a wrapper cookbook or similar:

node.override['audit']['chef_node_attribute_enabled'] = true

... and then use it in your profile:

chef_node = attribute('chef_node', description: 'Chef Node')

control 'no-password-auth-in-prod' do
  title 'No Password Authentication in Production'
  desc 'Password authentication is allowed in all environments except production'
  impact 1.0

  describe sshd_config do
    its('PasswordAuthentication') { should cmp 'No' }
  end

  only_if { chef_node['chef_environment'] == 'production' }
end

Using the InSpec Backend Cache

Introduced in Audit Cookbook v6.0.0 and InSpec v1.47.0

InSpec v1.47.0 provides the ability to cache the result of commands executed on the node being tested. This drastically improves InSpec performance when slower-running commands are run multiple times during execution.

This feature is enabled by default in the audit cookbook. If your profile runs a command multiple times and expects output to be different each time, you may have to disable this feature. To do so, set the inspec_backend_cache attribute to false:

node.normal['audit']['inspec_backend_cache'] = false

Troubleshooting

Please refer to [TROUBLESHOOTING.md](TROUBLESHOOTING.md).

Please let us know if you have any issues; we are happy to help.

Run the tests for this cookbook:

bundle install
bundle exec rake style
# run all ChefSpec tests
bundle exec rspec
# run a specific test
bundle exec rspec ./spec/unit/libraries/automate_spec.rb

How to release the audit cookbook

  • Cookbook source located here: https://github.com/chef-cookbooks/audit
  • Hosted Chef users ("collaborators") that can publish it to supermarket.chef.io: apop, arlimus, chris-rock, sr. Add more collaborators from Supermarket > Manage Cookbook > Add Collaborator

Releasing a new cookbook version:

  1. Bump the version in metadata.rb and update the changelog (bundle exec rake changelog)
  2. Get your changes merged into master
  3. Go to the audit cookbook directory and pull from master
  4. Run bundle install
  5. Use stove to publish the cookbook (including the git version tag). You must point to the private key of your hosted chef user. For example:
  bundle exec stove --username apop --key ~/git/chef-repo/.chef/apop.pem

License

Author: Stephan Renatus (srenatus@chef.io)
Author: Christoph Hartmann (chartmann@chef.io)
Copyright: Copyright (c) 2015 Chef Software Inc.
License: Apache License, Version 2.0

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

Change Log

v7.1.0 (2018-08-23)

Full Changelog

Closed issues:

  • Audit cookbook removes inspec_core on new install #329

Merged pull requests:

  • Switch to the new json-automate reporter when inspec version allows it #334 (alexpop)
  • Add support for node['audit']['profiles'] as a hash of hashes #328 (mattray)
  • Modify examples to not override hash #323 (jerryaldrichiii)

v7.0.1 (2018-07-17)

Full Changelog

Closed issues:

  • NoMethodError: undefined method `inspec_gem' for cookbook: audit, recipe: inspec :Chef::Recipe #320
  • Add support for compliance profiles into chef-zero #188

Merged pull requests:

  • Release audit 7.0.1 #324 (jquick)
  • [MSYS-829] Fix nil class error when profile not found on automate server #321 (NAshwini)

v7.0.0 (2018-05-11)

Full Changelog

Merged pull requests:

v6.1.0 (2018-04-19)

Full Changelog

Closed issues:

  • Support ChefClient 14 #312

Merged pull requests:

v6.0.2 (2018-04-18)

Full Changelog

Closed issues:

  • Failing to add nodes: Error:Response from server was : status code 403 #307
  • Changelog updates #302
  • Chef inspec giving error during client run #300

Merged pull requests:

v6.0.1 (2017-12-21)

Full Changelog

Closed issues:

  • Activate inspec cache by default to boost Windows execution #296

Merged pull requests:

  • Update reporters to log report size. Update readme #299 (alexpop)
  • README update for inspec_backend_cache feature #298 (adamleff)

v6.0.0 (2017-12-06)

Full Changelog

Closed issues:

  • Audit doesn't run when CCR fails #289

Merged pull requests:

  • Enable Inspec caching #297 (jquick)
  • Include handler in exception handlers as well as report handlers #290 (drrk)

v5.0.4 (2017-11-22)

Full Changelog

Closed issues:

  • attributes not being pulled into control #293
  • ERROR: Audit report was not generated properly, skipped reporting #291

Merged pull requests:

v5.0.3 (2017-10-02)

Full Changelog

Merged pull requests:

v5.0.2 (2017-09-27)

Full Changelog

Fixed bugs:

  • Default chef attributes value may lead to accessing nil. #282

Merged pull requests:

v5.0.1 (2017-09-20)

Full Changelog

Closed issues:

  • Warning for format #277
  • UndefinedConversionError: "\xEF" from ASCII-8BIT to UTF-8 #276

Merged pull requests:

v5.0.0 (2017-08-30)

Full Changelog

Merged pull requests:

v4.3.0 (2017-08-29)

Full Changelog

Closed issues:

  • Document location of json reports when reporter is json-file #269
  • Feature enhancement request: Audit cookbook 4.2 to pass node data to Inspec #268

Merged pull requests:

v4.2.0 (2017-08-10)

Full Changelog

Closed issues:

  • Support inspec attributes #261

Merged pull requests:

v4.1.1 (2017-07-18)

Full Changelog

Closed issues:

  • Unexpected Error when using chef-automate fetcher #258
  • Declare audit profile in recipes #257

Merged pull requests:

  • Release 4.1.1 #263 (alexpop)
  • Fix inspec hosted profile diagram for Chef Supermarket #260 (alexpop)
  • Non-null header value required for using chef-automate fetcher (#258) #259 (ChefRycar)

v4.1.0 (2017-07-05)

Full Changelog

Implemented enhancements:

  • Raise exception if no token is set when using the chef-automate fetcher #249 (adamleff)
  • Fail Chef run if Audit Mode is enabled #238 (adamleff)

Fixed bugs:

Closed issues:

  • Ensure support for InSpec 1.25.1+ #252
  • json-file reporter saves ruby hash instead of JSON #244
  • reporter: chef-server-compliance generates error: NameError: uninitialized constant Reporter::ChefServer #234
  • reporter: chef-compliance fails with error "ArgumentError: wrong number of arguments (given 2, expected 1)>" #232

Merged pull requests:

v4.0.0 (2017-05-22)

Full Changelog

Closed issues:

  • Implement Chef-solo Chef Automate fetcher #226

Merged pull requests:

v3.1.0 (2017-05-04)

Full Changelog

Implemented enhancements:

  • Warning from wrong attribute syntax #161

Fixed bugs:

  • Inspec gem is constantly reinstalled if version is specified #215
  • Audit coobook via Chef Automate fails to inherit profiles #206
  • Compliance Profile inheritence does not work with audit cookbook #38

Closed issues:

  • JSON output contains "You have X number of issues or packages out of date" #207
  • Rename collector to reporter #205
  • Audit cookbook failing to install from internal Ruby gem mirror #200
  • Document new chef-server-compliance collector in Readme #190
  • Missing default attribute fail_if_any_audits_failed #182
  • ability to install inspec as a package #164
  • Cannot report meta-profiles to Chef Compliance #155
  • Support certificates (insecure) for reporting to chef-visibility #150
  • Missing profile results in misleading error message in chef_gate log #144
  • Vendor InSpec gem #112
  • Provide gem_source attribute for fetching any required gems #26

Merged pull requests:

v3.0.0 (2017-04-03)

Full Changelog

Implemented enhancements:

  • Automate profile fetcher #193

Closed issues:

  • upload failed for cookbooks/audit because missing "compat_resource" #204
  • Missing data in Automate UI #199

Merged pull requests:

v2.4.0 (2017-03-01)

Full Changelog

Merged pull requests:

  • Bump cookbook version with new inspec release #198 (alexpop)

v2.3.5 (2017-02-16)

Full Changelog

Closed issues:

  • Direct reporting to Chef Visibility doesn't work when proxying node data through Chef Server #195
  • could not find valid gem 'inspec' #194

Merged pull requests:

v2.3.4 (2017-01-05)

Full Changelog

Closed issues:

  • audit 2.3.2 no longer supports chef-server fetcher + chef-server-visibility collector #184

Merged pull requests:

  • make automate integration tests optional #192 (chris-rock)
  • Fix issue with interval being removed because of chef-client cookbook cleanup #191 (brentm5)

v2.3.3 (2017-01-04)

Full Changelog

Implemented enhancements:

  • Run Chef Automate integration tests in travis #178

Closed issues:

  • Unable to use GIT as a profile source #172

Merged pull requests:

v2.3.2 (2016-12-08)

Full Changelog

Fixed bugs:

  • fail_if_not_present doesn't work #166

Merged pull requests:

  • throw chef-client exception if requested by users #180 (chris-rock)
  • min chef-client version for chef-server-visibility #179 (jeremymv2)

v2.3.1 (2016-12-06)

Full Changelog

Implemented enhancements:

  • Support Visibility in Automate via Chef Server #148
  • Integration tests via OpsWorks ec2 #175 (alexpop)

Closed issues:

  • json-file, unable to save file on a windows system #173
  • Update Changelog #170
  • Integration testing with Chef Automate via test-kitchen #169

Merged pull requests:

v2.3.0 (2016-11-23)

Full Changelog

Implemented enhancements:

  • Improve cookbook usability(fetcher, reporter) renaming #158
  • Update fetcher for chef-server-visibility and add chef-server-compliance collector #163 (alexpop)
  • Mention the integration guide between Chef Server and Automate #160 (alexpop)

Closed issues:

  • Update chef web docs #159

Merged pull requests:

v2.2.0 (2016-11-16)

Full Changelog

Implemented enhancements:

  • Add chef-server-visibility collector and automate fetcher #156
  • Add chef-server-visibility collector #157 (alexpop)

v2.1.0 (2016-11-11)

Full Changelog

Closed issues:

  • Modify wording of ERROR: Please take a look at your interval settings #149

Merged pull requests:

v2.0.0 (2016-11-04)

Full Changelog

Implemented enhancements:

  • Implement RFC: Harmonize profile location targets #118
  • Audit docs improvements #115 (alexpop)

Fixed bugs:

  • Timing issues during report aggregation #81

Closed issues:

  • Cannot run profiles from Supermarket #139
  • version 2.0.0 reporting resources updated #138
  • inspec_version attribute specified twice #137
  • README.md "Upload cookbook to Chef Server" #136
  • Remove temporary report file #132
  • Add Chef Server authentication support #129
  • Add unit tests #128
  • JSON file reporter #126
  • Features missing from 2.0.0 #116
  • Implement reporting as InSpec plugin #111
  • Harmonize audit cookbook profile fetcher with InSpec fetchers #110
  • profile scan is reported every chef-client run even if compliance_profile resource wasn't executed #102
  • audit cookbook compliance run and report should not report converge #70
  • quiet should control whether converge is reported by Chef #65
  • Node information sent to Compliance after first audit run are not accurate #40
  • 403 Forbidden #21

Merged pull requests:

v1.1.0 (2016-10-18)

Full Changelog

Fixed bugs:

  • cookbook in master fails to converge #108

Closed issues:

  • Interval setting is not working properly #101

Merged pull requests:

v1.0.2 (2016-10-12)

Full Changelog

Fixed bugs:

  • Fix bug when counting total failed controls in json format #106 (alexpop)

v1.0.1 (2016-10-06)

Full Changelog

Merged pull requests:

  • Use the new method to retrieve access tokens and fix total_failed bug #103 (alexpop)

v1.0.0 (2016-09-28)

Full Changelog

Implemented enhancements:

Fixed bugs:

  • Update to InSpec 1.0 #98

Closed issues:

  • Some tests against windows machines will fail with winrm uninitialized constant errors #94
  • Gzip error executing on windows host #93

Merged pull requests:

v0.14.4 (2016-09-06)

Full Changelog

Implemented enhancements:

Merged pull requests:

v0.14.3 (2016-08-25)

Full Changelog

Implemented enhancements:

Fixed bugs:

v0.14.2 (2016-08-16)

Full Changelog

Implemented enhancements:

Fixed bugs:

Closed issues:

  • Changelog documentation Diff Link error #66
  • we not use inspec progress formatter #11

Merged pull requests:

v0.14.1 (2016-08-15)

Full Changelog

Merged pull requests:

  • ChefCompliance collector fix #75 (alexpop)
  • Update changelog generator task to be native rake task #74 (brentm5)

v0.14.0 (2016-08-12)

Full Changelog

Merged pull requests:

  • removing requirement for setting chef server url #73 (jeremymv2)
  • Add collector attribute and visibility reporting #72 (chris-rock)

v0.13.1 (2016-06-27)

Full Changelog

Merged pull requests:

v0.13.0 (2016-06-22)

Full Changelog

Closed issues:

  • audit cookbook should not report a converge #23

Merged pull requests:

  • Merged interval functionality into default.rb recipe, updated documentation, gave quiet default #64 (mhedgpeth)

v0.12.0 (2016-06-09)

Full Changelog

Merged pull requests:

v0.11.0 (2016-06-09)

Full Changelog

Merged pull requests:

v0.10.0 (2016-06-01)

Full Changelog

Merged pull requests:

v0.9.1 (2016-05-26)

Full Changelog

Closed issues:

  • Reports are not displayed in Chef Compliance #52
  • Cookbook issue with Windows path #48
  • Report to Chef Compliance directly #45

Merged pull requests:

v0.9.0 (2016-05-25)

Full Changelog

Closed issues:

  • Provide support for additional profile hosting sources #49
  • Scan reports showing up as "Skipped" in the Compliance server UI #46

Merged pull requests:

v0.8.0 (2016-05-18)

Full Changelog

Closed issues:

  • Compliance results no longer reports back to Chef Compliance with latest version of inspec #41

Merged pull requests:

v0.7.0 (2016-05-13)

Full Changelog

Closed issues:

  • Undefined method 'path' for nil:NilClass #39
  • Support chef-client < 12.5.1 #30
  • standalone Compliance report #12
  • we should use the latest inspec version by default #8

Merged pull requests:

v0.6.0 (2016-05-03)

Full Changelog

Merged pull requests:

  • fix: use_ssl value has changed error #37 (jeremymv2)
  • Add profile name validation and unit tests #36 (alexpop)
  • Adding an interval check, if you don't want to run every time #17 (spuranam)

v0.5.1 (2016-04-27)

Full Changelog

Merged pull requests:

  • Prevent null pointer when profile cannot be downloaded #35 (alexpop)

v0.5.0 (2016-04-25)

Full Changelog

Closed issues:

  • add option to fail chef run, if the audit failed #3

Merged pull requests:

  • Make inspec_version a cookbook attribute and default it to latest #33 (alexpop)
  • update bundler #32 (chris-rock)
  • update README.md with client version requirement #29 (jeremymv2)

v0.4.4 (2016-04-22)

Full Changelog

Merged pull requests:

v0.4.3 (2016-04-20)

Full Changelog

Merged pull requests:

  • chef-compliance profiles changes require a new ver of inspec #28 (alexpop)
  • Add our github templates #27 (tas50)
  • failing converge if any audits failed #25 (jeremymv2)
  • Misc updates #24 (tas50)
  • adding ability to handle offline compliance server #22 (jeremymv2)

v0.3.3 (2016-04-05)

Full Changelog

Merged pull requests:

  • Use move to avoid cross-device error #19 (alexpop)

v0.3.2 (2016-04-04)

Full Changelog

Merged pull requests:

  • Bump to 0.3.2, testing cookbook release #18 (alexpop)

v0.3.1 (2016-04-01)

Closed issues:

  • Do not crash default recipe, if node['audit'] is not defined #4
  • add default recipe that reads profiles from attributes #1

Merged pull requests:

  • Update readme and update version to test stove cookbook update #16 (alexpop)
  • Update github links and change to version 0.3.0 #15 (alexpop)
  • prepare test-kitchen tests #10 (chris-rock)
  • offer native inspec-style syntax as an alternative #9 (arlimus)
  • lint files and activate travis testing #7 (chris-rock)
  • Update readme and add license information #6 (chris-rock)
  • add default attributes file #5 (srenatus)
  • audit::default: read profiles from attributes, push report to chefserver #2 (srenatus)

* This Change Log was automatically generated by github_changelog_generator

Collaborator Number Metric

7.2.0 passed this metric

Contributing File Metric

7.2.0 passed this metric

Foodcritic Metric

7.2.0 passed this metric

No Binaries Metric

7.2.0 passed this metric

Testing File Metric

7.2.0 passed this metric

Version Tag Metric

7.2.0 passed this metric