This project is a collection of Chef Inspec profiles for use in other sommerfeld-io projects.
- Sonarcloud Code Quality and Security Analysis
- Where to file issues
- Project Board for Issues and Pull Requests
This repository contains multiple profiles in subfolders. You cannot run them directly from the GitHub URL like single-profile repositories. So commands like inspec exec https://github.com/dev-sec/linux-baseline for the Linux Baseline will not work. Instead, you need to either include the profiles as a dependency in your own profile or clone this repository and run the profiles from your local filesystem. See the individual profile README files for detailed usage instructions.
All profiles are tested with chef/inspec:5.22.76.
All issues labeled as risk (= some sort of risk or a technical debt) or security (= disclosed security issues - e.g. CVEs) are tracked as GitHub issue and carry the respective label.
Feel free to contact me via sebastian@sommerfeld.io or raise an issue in this repository.