Skip to content

Add Windows/InSpec Support

Pre-release
Pre-release

Choose a tag to compare

View all tags
@thheinen thheinen released this 30 Oct 17:11
· 11 commits to master since this release
v0.2.0
2a20a9d
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

It is now possible to use this transport with Windows instances as well. By changing some return value handling, the transport can also handle InSpec scans now.

Usage examples:

inspec exec https://github.com/dev-sec/linux-baseline/archive/2.5.0.tar.gz -t awsssm://i-0123456789abcd

inspec exec https://github.com/dev-sec/windows-baseline/archive/2.1.6.tar.gz -t awsssm://i-123456789abcde

The transport also checks if the instance is up and registered with SSM. It tries to resolve the Instance ID from IP or a given hostname. You need to provide valid AWS credentials as usual (AWS CLI profile, instance role, environment variables etc).

Please note, that by principle the execution takes a long while as every check is individually started on the target machine. Experimental runtime for the Windows benchmark was 27 minutes and for the Linux benchmark only 2 minutes.

Assets 3
Loading