Page History
...
The working unit of InSpec is a profile that provides a versioned structure containing checks (i.e. tests); related checks are grouped in "control" blocks. Control is similar to having an a high-level rule composed of multiple checks.
...
Please have a look at the control named "os-0711".
Expand | |||||
---|---|---|---|---|---|
|
...
After successfully running the Test Case and generating the JUnit XML report (e.g., junit.xml), it can be imported to Xray (either by the REST API or by using one of the available CI addons or even through Import Execution Results action within the Test Execution).
...
Each check is mapped to a Generic Test in Jira, and the Generic Test Definition field contains the name of the profile followed by the name of the control and the value of the metadata defined using the "desc" attribute within the "control" some text derived from the assertion being done in the describe and inner it block.
The Context section contains information about the profile name.
Tips
It may be useful to have a Test Plan with all these checks organized hierarchically, so you can track compliance at multiple levels.
- create an empty Test Plan
- import the results, so you'll have a Test Execution
- go to the Test Plan issue screen and add the Test Execution
- organize the Tests within the Test Plan Board
Info | ||
---|---|---|
| ||
To organize the Tests in the Board of the Test Plan, you may use filters based on the Generic Test Definition field, filtering by the name of the profile plus the name of the control. Then you can easily move the Tests that matter to the folder that you want. |
References
- https://www.inspec.io/
- https://www.inspec.io/docs/
- https://learn.chef.io/modules/try-inspec#/
- http://www.anniehedgie.com/inspec/
- https://medium.com/gsktech/always-on-compliance-with-inspec-e3015a229be4
- https://github.com/dev-sec/linux-baseline
...