Engineer for the future of Cloud
June 10-13, 2019
San Jose, CA

Infrastructure and compliance testing with InSpec (sponsored by Google Cloud)

Ben Bleything (Google)
9:00am12:30pm Tuesday, June 11, 2019
Sponsored
 Location: LL20 D
Average rating: ****.
(4.50, 2 ratings)

Level

Beginner

Prerequisite knowledge

  • A working knowledge of Linux administration (e.g., service management, package management, etc.)
  • Familiarity with the command line and at least one CLI editor (Nano, Vim, Emacs, etc.)
  • Bonus points for familiarity with cloud computing, infrastructure as code, and configuration management

Materials or downloads needed in advance

  • A WiFi-enabled laptop with a modern browser like Chrome or Firefox installed (if you'd like to complete the tutorial using only the browser)
  • If you'd prefer to work locally, you'll need a working Ruby installation (version 2.4 or later) and a Git client. A repository containing setup scripts will be provided during the tutorial.

What you'll learn

  • Learn how to use the open source InSpec framework to build infrastructure and compliance tests

Description

Ben Bleything provides an introduction to automated infrastructure and compliance testing using the open source InSpec framework and related tooling. You’ll leave with the knowledge and experience necessary to start implementing test suites for your own infrastructure. Learn the basics of InSpec and get hands-on experience writing controls for common cases like baking a golden image and basic integration testing of deployed services.

You’ll work through a scenario where you’ll detect and mitigate a security vulnerability and implement a series of controls to detect and prevent future vulnerabilities. Finally, Ben talks about compliance testing. You’ll implement an InSpec profile that pulls in community profiles for basic OS hardening as well as implements custom controls for policy compliance.

This tutorial is sponsored by Google Cloud.

Photo of Ben Bleything

Ben Bleything

Google

Ben Bleything is a developer and sysadmin from Seattle, Washington. He’s best known as one of the world’s leading experts in the emerging field of clown computering. In his spare time, Ben is a developer advocate at Google, where he’s focused on making the experience of operating software on Google Cloud as awesome as possible.

Comments on this page are now closed.

Comments

Brian Chukwu-Smith | CAPACITY MANAGER
06/10/2019 10:55am PDT

Hello –
I am wondering if this tutorial might be a good fit for me. I am a capacity planner and am interested in testing our infrastructure in a number of ways (on prem & in the cloud).

However, I do not have experience as a linux admin and I have not extensively used command line beyond “back yard” use. I was wondering if this will be over my head?

Thanks very much for your time – I apprediate your input.