What is Chef InSpec and How it works? An Overview and Its Use Cases

History & Origin of  Chef InSpec

It was acquired in 2020 and merged to become Progress Chef. The company was founded as Opscode in 2008 by current Chief Technology Officer Adam Jacob, Jesse Robbins, Barry Steinglass, and Nathan Haneysmith.

Chef was created by Adam Jacob as a tool for his consulting company, whose business model was to build end-to-end server/deployment tools. Jacob showed Chef to Jesse Robbins, who saw its potential after running operations at Amazon.

What is Chef InSpec?

Chef InSpec is an open-source testing framework for infrastructure with a human- and machine-readable language for specifying compliance, security and policy requirements.

Chef InSpec is an open-source framework for testing and auditing your applications and infrastructure. Chef InSpec works by comparing the actual state of your system with the desired state that you express in easy-to-read and easy-to-write Chef InSpec code. Chef InSpec detects violations and displays findings in the form of a report, but puts you in control of remediation.

How Chef InSpec works aka Chef InSpec architecture?

An Overview of Chef InSpec

Chef InSpec is an open-source framework for testing and auditing your applications and infrastructure. Chef InSpec works by comparing the actual state of your system with the desired state that you express in easy-to-read and easy-to-write Chef InSpec code. Chef InSpec detects violations and displays findings in the form of a report, but puts you in control of remediation.

Getting started with Chef InSpec

Below are some of the core concepts that make up Chef InSpec.

Create a profile

Profiles are the core of the Chef InSpec testing experience. Use Chef InSpec profiles to manage everything you need to run a security or compliance scan–attributes, metadata, and the tests themselves.

Add your tests

You can create tests three different ways: By composing your own tests, by including tests from the Chef Supermarket or by adding tests from the Dev-Sec Project as dependencies. You can also customize your tests–pulling in the tests from our Supermarket and change them to suit your unique needs with the easy-to-read and easy-to-write Chef InSpec language.

Target your system

Run your tests wherever your infrastructure is–locally or in the cloud. Chef InSpec is designed for platforms and treats operating systems as special cases. Chef InSpec helps you, whether you use Windows Server on your own hardware or run Linux in Docker containers in the cloud. As for the cloud, you can use Chef InSpec to target applications and services running on AWS and Azure.


Chef InSpec nearly 500 resources ready use–Apache2 to ZFS pool. If you need a solution that we haven’t provided, you can write your own custom resource.

Feature and Advantage of using Chef InSpec

Not quite a year after launching Chef Automate, cloud-based software development company Chef has improved support for InSpec and Habitat — its code testing and app building projects — within its flagship product as it kicks off ChefConf 2017.

Seattle-based Chef helps companies developing applications on cloud services or across hybrid cloud environments to build, manage and deploy those applications with its Chef Automate product. The company is expected to announce tighter integration between its InSpec and Habitat open-source projects and Chef Automate in Austin on Tuesday.

“We’re helping organizations with where they are at today, but we provide a bridge to the future, (showing) how they can go about delivering software across those environments,” said Ken Cheney, chief marketing officer at Chef, in an interview prior to ChefCon.

Chef Automate users can now use InSpec’s technology directly in their regular workflow to ensure that applications developed in Chef Automate are adhering to compliance and security rules. Habitat, an open-source project for deploying apps across on-premise and cloud environments, is also now part of the Chef Automate dashboard.

Several new features have also been added to both open-source projects. InSpec can now assess compliance of applications running on Amazon Web Services, Microsoft Azure, and VMware vSphere, part of Chef’s strategy of bridging older computing environments and newer ones. And Habitat now supports additional tools for packaging apps in containers and for deploying packaged apps across platforms for big data analysis, middleware, or databases.

As older companies struggle with the reality of moving older applications to cloud services, they turn to companies like Chef and rival Puppet for tools to help them take advantage of modern development practices without breaking everything in the process. Like a lot of enterprise computing companies, Chef is attempting to commercialize a product (Chef Automate) atop an open-source project; in this case, three projects, including the flagship Chef project.

Chef’s Nell Shamrell-Harrington will be at our GeekWire Cloud Tech Summit in June explaining the history of DevOps and its future.

Best Alternative of Chef InSpec

8 Server Automation Alternatives To Chef

As one of the most popular server automation tools, Chef offers impressive features for any organization. However, if you’re looking for other solutions, here’s a list of Chef alternatives for you.

  • Ansible
  • Jenkins
  • Puppet
  • CircleCI
  • SaltStack
  • Terraform
  • Vagrant

    The Features and Benefits of Attune Include:

Best Resources, Tutorials and Guide for

Free Video Tutorials of Chef InSpec

Interview Questions and Answer for Chef InSpec

Q #1) Explain the DevOps Life Cycle?

Answer: DevOps Life Cycle is made up of stages such as Continuous Development, Integration, Testing, Deployment, and Monitoring. We explain the stages below.

Q #2) What are the responsibilities of system administrators in an organization?

Answer: System administrator is responsible for effective planning, installation, configuration, and optimizing the IT infrastructure to achieve high availability and performance.

Q #3) What do you mean by IT infrastructure?

Answer: IT infrastructure includes all the physical hardware such as systems, servers, network systems, switch, routers, legacy interfaces and facilities like data centers, data storage, and its retrieval and all the elements that are utilized to manage and use data and information securely to protect business goals of an organization.

Q #4) What is Configuration management?

Answer: Configuration management maintains infrastructure such as servers, storage, networks, and software in the desired state for the systems. It offers automation software responsible for maintaining the desired state of targeted systems and software.

It provides consistency and correctness of configuration management; automates the time-consuming manual configuration processes, improving efficiency and accuracy with fewer resources. Popular automation tools for configuration management are Red Hat Ansible, Chef, and Puppet.

Q #5) Can you please compare Chef and Puppet?

Answer: Both Chef and Puppet are DevOps tools for configuration management of on-premise and cloud-based infrastructure. Both require familiarity in Ruby language. The differences between the two are enlisted in the below table:

Chef Puppet
On availability front, a backup server will take over operations, in case Chef’s primary server stops for any reason. Puppet has a multiple master architecture; a standby master takes care of operations, in case Puppet’s active master stops.
Chef use recipes and cookbooks in order to configure the infrastructure. Puppet use manifests and modules in order to manage the configuration of systems and servers.
Chef consists of Workstation, server, and nodes as its main components Puppet uses Servers as master machines and client machines as agents.
Chef require RubyDSL language for configuration management. Puppet uses its own PuppetDSL language in order to automate and reset configurations.
Chef is code-driven, gives more flexibility and control to developers in configuration management. Puppet has a User interface and reporting features.
The ‘Knife’ tool in Chef reduces installation issues. Puppet is command-line language,

Q #6) List the products offered by Chef for DevOps operations.

Answer: Products offered include:

  • Chef Desktop
  • Chef Compliance
  • Chef Infra
  • Chef Habitat
  • Chef Inspec
  • Chef Automate

Q #7) Explain about Chef Desktop

Answer: It helps control IT resources like laptops, desktops, and kiosk workstations remotely from a centralized location. It automates deployment, management, and secures the maintenance of IT resources. It automates tasks such as implementing policy-driven configuration and eliminates manual time-consuming processes.

Q #8) What are the features of Chef Compliance?

Answer: Chef Compliance helps enforce and maintain compliances and prevent security incidents with standard audit and remediation content across heterogeneous estates to provide visibility and control across hybrid and multi-cloud environments.

Q #9) How Chef Infra is used by the DevOps team in Infrastructure management?

Answer: Chef Infra automates configuration of infrastructure, ensures consistent, correct, flexible, testable, versionable, and human-readable configuration policy, and any modification in configuration will be applied universally across the entire infrastructure.

Q #10) Explain the features of Chef Habitat.

Answer: It offers automation in defining, packaging, and delivering applications to any environment, irrespective of deployment platform or operating system. It creates deployable artifacts for virtual machines or containers without refactoring or rewriting. It also helps scale the adoption of agile delivery practices across operations and development.

Q #11) Explain the importance of Chef Inspec in compliance with automation.

Answer: Chef Inspec provides security and compliance rules across security engineers, operations, and software developers. It enforces consistent standards in the managed environment and in each stage of development by running automated tests for compliance, security, and other policy requirements across servers, containers, and cloud APIs.

Q #12) How Chef Automate is utilized?

Answer: Chef Automate offers an analytics dashboard for developers, operations, and security personnel in one place, delivering changes in infrastructure and application. It also offers actionable insights on performance and scaling across multiple data centers and cloud providers.

Q #13) Explain Chef components.

Answer: Chef consists mainly of three components: viz. Chef Workstation, Chef Server, and Chef Node.

  • Chef Workstation: It is installed on a local machine, has features such as ad hoc remote execution, scanning, configuration tasks, and tools for the creation of a cookbook. Workstation, a replacement to ChefDK, contains Chef Infra Client, InSpec, testing tools like Test Kitchen, ChefSpec, and Cookstyle, Chef and Knife command-line tools.
  • Chef Server: It is a storage place where configuration policies defined in cookbooks and searchable managed metadata for each node are saved. Nodes that are managed by Chef check in regularly with Chef Server, in order to keep their local configurations up to date.
  • Chef Node: It contains run-list and node attributes, described in the JSON file stored on Chef Server. Chef client gets a copy of node object during each Chef client-run, which in turn, replaces an updated copy of Chef Server at the end of the chef-client run.

Chef Workstation

Q #14) Explain Resource in Chef.

Answer: Resource in Chef is a document on configuration policy that,

  • Specifies the state desired for a configuration item.
  • Lists steps required to bring this item to the desired state.
  • Outlines a resource type like package, template, or service.
  • Display the necessary resource properties.
  • Resources are working configurations grouped into recipes.

The syntax in Ruby for resources is made of four components, a type, a name, one or more properties, and one or more actions with their corresponding values as shown below:


Q #15) Explain the use of Recipe in Chef.

Answer: Recipe is a collection of resources that decides the policy or configuration of a node. To run a recipe, it must reside on the node’s run list. They are created using Ruby and have all the instructions about everything that is required to run, update, or create on Chef Client’s node.




Rajesh Kumar
Follow me
Notify of
Inline Feedbacks
View all comments
Would love your thoughts, please comment.x