Skip to content
SAF InSpec Profile DeveloperSAF InSpec Profile Developer
MITRE InSpec Profile Developer Course
Course
Resources
Installation
  • Course

    • Course Overview
      • Starting the Journey
        • Studying an InSpec Profile
          • Exploring the InSpec Shell
            • Writing InSpec Controls
              • Generating InSpec Results
                • Generating InSpec Results
                  • Syntax
                    • Supported Reporters
                      • Putting it all together
                    • Viewing and Analyzing Results
                      • InSpec Examples
                        • Profile Inheritance & Overlays
                          • From STIG to Profile

                          Generating InSpec Results

                          May 22, 2022About 1 min

                          On This Page
                          • Generating InSpec Results
                            • Syntax
                            • Supported Reporters
                            • Putting it all together

                          # Generating InSpec Results

                          InSpec allows you to output your test results to one or more reporters. You can configure the reporter(s) using either the --json-config option or the --reporter option. While you can configure multiple reporters to write to different files, only one reporter can output to the screen (via stdout).

                          inspec exec /root/my_nginx -t docker://CONTAINER_NAME --reporter cli json:baseline_output.json
                          

                          # Syntax

                          You can specify one or more reporters using the --reporter cli flag. You can also specify a output by appending a path separated by a colon.

                          Output json to screen:

                          inspec exec /root/my_nginx --reporter json
                          

                          or

                          inspec exec /root/my_nginx --reporter json:-
                          

                          Output yaml to screen:

                          inspec exec /root/my_nginx --reporter yaml
                          

                          or

                          inspec exec /root/my_nginx --reporter yaml:-
                          

                          Output cli to screen and write json to a file:

                          inspec exec /root/my_nginx --reporter cli json:/tmp/output.json
                          

                          Output nothing to screen and write junit and html to a file:

                          inspec exec /root/my_nginx --reporter junit:/tmp/junit.xml html:www/index.html
                          

                          Output json to screen and write to a junit file:

                          inspec exec /root/my_nginx --reporter json junit:/tmp/junit.xml | tee out.json
                          

                          If you wish to pass the profiles directly after specifying the reporters you will need to use the end of options flag --:

                          inspec exec --reporter json junit:/tmp/junit.xml -- profile1 profile2
                          

                          # InSpec config.json file

                          InSpec also let's you capture all these in a configuration file:

                          {
                            "reporter": {
                              "cli": {
                                "stdout": true
                              },
                              "json": {
                                "file": "/tmp/output.json",
                                "stdout": false
                              }
                            }
                          }
                          

                          You can read more about this at https://docs.chef.io/inspec/config/open in new window

                          # Supported Reporters

                          The following are the current supported reporters:

                          • cli
                          • json
                          • json-min
                          • yaml
                          • documentation
                          • junit
                          • progress
                          • json-rspec
                          • html

                          You can read more here: https://www.inspec.io/docs/reference/reporters/open in new window

                          # Putting it all together

                          The following command will run the nginx baseline profile from github and use the reporter to output a json file. You will need this json file for the next step of loading it into Heimdall:

                          inspec exec https://github.com/dev-sec/nginx-baseline -t docker://<CONTAINER NAME> --reporter cli json:baseline_output.json
                          
                          Edit this pageopen in new window
                          Last update: 8/15/2022, 7:14:06 PM
                          Contributors: Aaron Lippold,Emily Rodriguez,wdower
                          Prev
                          Writing InSpec Controls
                          Next
                          Viewing and Analyzing Results
                          Apache-2.0 | Copyright © 2022 - The MITRE Corporation
                          Copyright © 2022 Aaron Lippold