SAF InSpec Profile Developer

Generating InSpec Results

May 22, 2022About 1 min

Generating InSpec Results

InSpec allows you to output your test results to one or more reporters. You can configure the reporter(s) using either the --json-config option or the --reporter option. While you can configure multiple reporters to write to different files, only one reporter can output to the screen (via stdout).

inspec exec /root/my_nginx -t docker://CONTAINER_NAME --reporter cli json:baseline_output.json

Syntax

You can specify one or more reporters using the --reporter cli flag. You can also specify a output by appending a path separated by a colon.

Output json to screen:

inspec exec /root/my_nginx --reporter json

or

inspec exec /root/my_nginx --reporter json:-

Output yaml to screen:

inspec exec /root/my_nginx --reporter yaml

or

inspec exec /root/my_nginx --reporter yaml:-

Output cli to screen and write json to a file:

inspec exec /root/my_nginx --reporter cli json:/tmp/output.json

Output nothing to screen and write junit and html to a file:

inspec exec /root/my_nginx --reporter junit:/tmp/junit.xml html:www/index.html

Output json to screen and write to a junit file:

inspec exec /root/my_nginx --reporter json junit:/tmp/junit.xml | tee out.json

If you wish to pass the profiles directly after specifying the reporters you will need to use the end of options flag --:

inspec exec --reporter json junit:/tmp/junit.xml -- profile1 profile2

InSpec config.json file

InSpec also let's you capture all these in a configuration file:

{
  "reporter": {
    "cli": {
      "stdout": true
    },
    "json": {
      "file": "/tmp/output.json",
      "stdout": false
    }
  }
}

You can read more about this at https://docs.chef.io/inspec/config/open in new window

Supported Reporters

The following are the current supported reporters:

  • cli
  • json
  • json-min
  • yaml
  • documentation
  • junit
  • progress
  • json-rspec
  • html

You can read more here: https://www.inspec.io/docs/reference/reporters/open in new window

Putting it all together

The following command will run the nginx baseline profile from github and use the reporter to output a json file. You will need this json file for the next step of loading it into Heimdall:

inspec exec https://github.com/dev-sec/nginx-baseline -t docker://<CONTAINER NAME> --reporter cli json:baseline_output.json
Apache-2.0 | Copyright © 2022 - The MITRE Corporation
Copyright © 2022 Aaron Lippold