Build Better Defenses
October 29–30, 2017: Training
October 30–November 1, 2017: Tutorials & Conference
New York, NY

DevSec: Continuous compliance and security with InSpec

Christoph Hartmann (Chef Software), Dominik Richter (Chef Software)
1:15pm–1:55pm Wednesday, November 1, 2017
Security usability
Location: Beekman

Who is this presentation for?

  • Developers, security engineers, and those in operations

Prerequisite knowledge

  • A general understanding of DevOps and continuous integration

What you'll learn

  • Explore InSpec, an open source tool for infrastructure, security, and compliance testing


Best practices for server hardening and patching have been in place for decades, but it’s still very cumbersome to enforce those rules continuously. As a result, many servers are still unsecured. However, as the amount of server infrastructure increases, the ways we manage our systems must adapt to keep pace. We need tools that enable us to implement compliance automation.

Christoph Hartmann and Dominik Richter offer an overview of InSpec—an open source tool for infrastructure, security, and compliance testing—and demonstrate how patch and security levels can be assessed in CI/CD and production environments. InSpec’s DSL is a human- and machine-readable assessment language that is extendable and customizable. Since testing can be fully automated with InSpec, companies can assess and enforce secure configuration across their IT fleet.

Christoph Hartmann

Chef Software

Christoph Hartmann is a cofounder and lead engineer at Chef, where he has spent the last decade building complex software and infrastructure systems. Previously, Christoph was responsible for automation at the innovation laboratory at Deutsche Telekom and created effective solutions managing the future of their core networks. He is the cofounder of InSpec, Chef Compliance, and the project.

Dominik Richter

Chef Software

Dominik Richter is a product manager at Chef, an entrepreneur, and a leading expert in both security and automation. Dominik honed his abilities at Deutsche Telekom, where he headed the security of Telekom’s first OpenStack Cloud. He is a cofounder of InSpec, Chef Compliance, and the project.