Delivery version: 0.4.109 or higher
Inspec version: 0.16.0 or higher
vjeffrey
/ compliance_and_delivery.md
Last active
April 14, 2016 11:51
vjeffrey
/ compliance_and_delivery-MVP.md
Last active
April 7, 2016 14:22
vjeffrey
/ gist:f175887c75f6812560cd8bad6c0bfe01
Last active
February 27, 2017 21:14
automate-compliance-reporting
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| UX Designs: https://chef.invisionapp.com/d/main#/console/10153068/217133467/preview | |
| Last spike that determined what data UI needs: https://github.com/chef/chef-compliance/issues/1037 | |
| inspec exec https://github.com/dev-sec/tests-ssh-hardening/archive/master.zip -i .vagrant/machines/default/virtualbox/private_key -t ssh://[email protected] --format json | |
| runs https://github.com/dev-sec/ssh-baseline (name i used above is old name) profile against my vm and results are: | |
| (scroll down to about line 570 to see where the full profiles results are, starting with the metadata (inspec.yml) of the profile and then each control's info, which includes id, impast, tags, etc and a results array with the result of each test included inside that control) | |
Install Go: https://golang.org/doc/install?download=go1.8.3.darwin-amd64.pkg
Where does Go go? "The package installs the Go distribution to /usr/local/go."
$ which go
vjeffrey
/ compliance-status.json
Created
April 19, 2018 06:39
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| {"platform":{"name":"amazon","release":"2017.09"},"profiles":[{"name":"ssh-baseline","version":"2.3.1","sha256":"db29311bd6781b1f7c3f22422f2d8370405e54efdea3e4f99eb5e54695c65502","title":"DevSec SSH Baseline","maintainer":"DevSec Hardening Framework Team","summary":"Test-suite for best-practice SSH hardening","license":"Apache-2.0","copyright":"DevSec Hardening Framework Team","copyright_email":"[email protected]","supports":[{"os-family":"unix"}],"attributes":[],"groups":[{"id":"controls/ssh_spec.rb","controls":["ssh-01","ssh-02","ssh-03","ssh-04","ssh-05","ssh-06","ssh-07","ssh-08","ssh-09","ssh-10","ssh-11","ssh-12","ssh-13","ssh-14","ssh-15","ssh-16","ssh-17","ssh-18","ssh-19","ssh-20","ssh-21"],"title":"SSH client config"},{"id":"controls/sshd_spec.rb","controls":["sshd-01","sshd-02","sshd-03","sshd-04","sshd-05","sshd-06","sshd-07","sshd-08","sshd-09","sshd-10","sshd-11","sshd-12","sshd-13","sshd-14","sshd-15","sshd-16","sshd-17","sshd-18","sshd-19","sshd-20","sshd-21","sshd-22","sshd-23","sshd-24","sshd |
vjeffrey
/ gist:dbb2714af2577fc8c99d0d069e415597
Last active
January 29, 2019 00:11
cypress experiments
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| install it: npm install cypress --save-dev | |
| open the cypress app: ./node_modules/.bin/cypress open | |
| https://docs.cypress.io/guides/getting-started/writing-your-first-test.html#Add-a-test-file | |
| https://docs.cypress.io/guides/getting-started/writing-your-first-test.html#Write-a-real-test | |
| Set up the application state. | |
| - ingest chef-client node |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| - october 2018: issue opened for inherited profiles with inspec 1 causing duplicated controls in a2 | |
| - late october 2018: customer is advised to update inspec to 2+, as changes needed will not be backported to inspec 1 | |
| - december 2018: ticket opened for sigsegv failure on ingested inspec 1 reports https://getchef.zendesk.com/agent/tickets/20892 | |
| - corresponding ticket created in github: https://github.com/chef/a2/issues/4494 | |
| - the decision is made, in conversations and on github issues, to update the code to reject inspec 1x reports | |
| - pr is created to implement that logic: https://github.com/chef/a2/pull/4538 (dec 11th) | |
| - some communication of the change happens in support-team: https://chefio.slack.com/archives/C07JNP4LU/p1545335412116200 | |
| - change was noted in readiness mtg and marked in notes: https://docs.google.com/document/d/1x7Xn0YLTF8QTyY7Yru5lL0xe_MFeKrUFQU8_hE9yq2s/edit# | |
| - change was released on january 22 | |
| - optum filed ticket: https://getchef.zendesk.com/agent/tickets/21270 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "version": "2.30.0", | |
| "profiles": [ | |
| { | |
| "name": "ssh", | |
| "title": "Basic SSH", | |
| "maintainer": "Chef Software, Inc.", | |
| "copyright": "Chef Software, Inc.", | |
| "copyright_email": "[email protected]", | |
| "license": "Proprietary, All rights reserved", |