InSpec Extension for Visual Studio Code

This extension for Visual Studio Code provides grammar and code snippets for InSpec when using Visual Studio Code.

InSpec Extention Demo

Features

Syntax/keyword highlighting:

InSpec - control blocks
InSpec - describe blocks
InSpec - resource

Installation

You will need to install Visual Studio Code 1.5 or higher.
From the command palette Ctrl-Shift-P (Windows, Linux) or Cmd-Shift-P (OSX) select Install Extension, choose Inspec and reload Visual Studio Code.
Once the Extention is installed to enable it, choose the InSpec language from the bottom right corner (the default is Plain Text) It should then look like this
.... or use the keyboard shortcut (Ctrl-K) M & type Inspec if you happen to be scared of mice :)

Usage

InSpec in it's simplest form is describe block in which you describe a resource's expected configuration. e.g.

describe file('/etc/myapp.conf') do
  it { should exist }
  its('mode') { should cmp '0644' }
end

TIP: Try typing the resource you want to use i.e. file and let the snippet create the describe block for you

InSpec describe demo

What is InSpec?

InSpec is an open-source testing framework for infrastructure with a human- and machine-readable language for specifying compliance, security and policy requirements.

Where can I find more?

The inspec.io website is full of documentation and links to download the code There is also an interactive demo in which will allow you try it out with a web browser.

InSpec Snippet Support matrix

InSpec Resource	Extension Snippet
aws_billing_report	:white_check_mark: aws_billing_report
aws_billing_reports	:white_check_mark: aws_billing_reports
aws_cloudtrail_trail	:white_check_mark: aws_cloudtrail_trail
aws_cloudtrail_trails	:white_check_mark: aws_cloudtrail_trails
aws_cloudwatch_alarm	:white_check_mark: aws_cloudwatch_alarm
aws_cloudwatch_log_metric_filter	:white_check_mark: aws_cloudwatch_log_metric_filter
aws_config_delivery_channel	:white_check_mark: aws_config_delivery_channel
aws_config_recorder	:white_check_mark: aws_config_recorder
aws_ec2_instance	:white_check_mark: aws_ec2_instance
aws_ebs_volume	:white_check_mark: aws_ebs_volume
aws_ebs_volumes	:white_check_mark: aws_ebs_volumes
aws_flow_log	:white_check_mark: aws_flow_log
aws_ec2_instances	:white_check_mark: aws_ec2_instances
aws_ecs_cluster	:white_check_mark: aws_ecs_cluster
aws_eks_cluster	:white_check_mark: aws_eks_cluster
aws_elb	:white_check_mark: aws_elb
aws_elbs	:white_check_mark: aws_elbs
aws_iam_access_key	:white_check_mark: aws_iam_access_key
aws_iam_access_keys	:white_check_mark: aws_iam_access_keys
aws_iam_group	:white_check_mark: aws_iam_group
aws_iam_groups	:white_check_mark: aws_iam_groups
aws_iam_password_policy	:white_check_mark: aws_iam_password_policy
aws_iam_policies	:white_check_mark: aws_iam_policies
aws_iam_policy	:white_check_mark: aws_iam_policy
aws_iam_role	:white_check_mark: aws_iam_role
aws_iam_root_user	:white_check_mark: aws_iam_root_user
aws_iam_user	:white_check_mark: aws_iam_user
aws_iam_users	:white_check_mark: aws_iam_users
aws_kms_key	:white_check_mark: aws_kms_key
aws_kms_keys	:white_check_mark: aws_kms_keys
aws_rds_instance	:white_check_mark: aws_rds_instance
aws_route_table	:white_check_mark: aws_route_table
aws_route_tables	:white_check_mark: aws_route_tables
aws_s3_bucket	:white_check_mark: aws_s3_bucket
aws_s3_bucket_object	:white_check_mark: aws_s3_bucket_object
aws_s3_buckets	:white_check_mark: aws_s3_buckets
aws_security_group	:white_check_mark: aws_security_group
aws_security_groups	:white_check_mark: aws_security_groups
aws_sns_subscription	:white_check_mark: aws_sns_subscription
aws_sns_topic	:white_check_mark: aws_sns_topic
aws_sns_topics	:white_check_mark: aws_sns_topics
aws_sqs_queue	:white_check_mark: aws_sqs_queue
aws_subnet	:white_check_mark: aws_subnet
aws_subnets	:white_check_mark: aws_subnets
aws_vpc	:white_check_mark: aws_vpc
aws_vpcs	:white_check_mark: aws_vpcs
azure_generic_resource	:white_check_mark: azure_generic_resource
azure_resource_group	:white_check_mark: azure_resource_group
azure_virtual_machine	:white_check_mark: azure_virtual_machine
azure_virtual_machine_data_disk	:white_check_mark: azure_virtual_machine_data_disk
aide_conf	:white_check_mark: aide_conf
apache	:white_check_mark: apache
apache_conf	:white_check_mark: apache_conf
apt	:white_check_mark: apt
ppa	:white_check_mark: ppa
audit_policy	:white_check_mark: audit_policy
auditd	:white_check_mark: auditd
auditd_conf	:white_check_mark: auditd_conf
command	:white_check_mark: command
bash	:white_check_mark: bash
file	:white_check_mark: file
bond	:white_check_mark: bond
bridge	:white_check_mark: bridge
chocolatey_package	:white_check_mark: chocolatey_package
cran	:white_check_mark: cran
cpan	:white_check_mark: cpan
crontab	:white_check_mark: crontab
dh_params	:white_check_mark: dh_params
directory	:white_check_mark: directory
docker	:white_check_mark: docker
docker_container	:white_check_mark: docker_container
docker_image	:white_check_mark: docker_image
docker_plugin	:white_check_mark: docker_plugin
docker_service	:white_check_mark: docker_service
package	:white_check_mark: package
elasticsearch	:white_check_mark: elasticsearch
etc_fstab	:white_check_mark: etc_fstab
etc_group	:white_check_mark: etc_group
etc_hosts_allow	:white_check_mark: etc_hosts_allow
etc_hosts_deny	:white_check_mark: etc_hosts_deny
etc_hosts	:white_check_mark: etc_hosts
filesystem	:white_check_mark: filesystem
firewalld	:white_check_mark: firewalld
gem	:white_check_mark: gem
groups	:white_check_mark: groups
group	:white_check_mark: group
grub_conf	:white_check_mark: grub_conf
host	:white_check_mark: host
http	:white_check_mark: http
iis_app	:white_check_mark: iis_app
iis_app_pool	:white_check_mark: iis_app_pool
iis_site	:white_check_mark: iis_site
iis_website	:white_check_mark: iis_website
inetd_conf	:white_check_mark: inetd_conf
interface	:white_check_mark: interface
iptables	:white_check_mark: iptables
json	:white_check_mark: json
kernel_module	:white_check_mark: kernel_module
kernel_parameter	:white_check_mark: kernel_parameter
linux_kernel_parameter	:white_check_mark: linux_kernel_parameter
key_rsa	:white_check_mark: key_rsa
ksh	:white_check_mark: ksh
limits_conf	:white_check_mark: limits_conf
login_defs	:white_check_mark: login_defs
mount	:white_check_mark: mount
mssql_session	:white_check_mark: mssql_session
mysql	:white_check_mark: mysql
mysql_conf	:white_check_mark: mysql_conf
mysql_session	:white_check_mark: mysql_session
nginx	:white_check_mark: nginx
nginx_conf	:white_check_mark: nginx_conf
npm	:white_check_mark: npm
ntp_conf	:white_check_mark: ntp_conf
oneget	:white_check_mark: oneget
oracledb_session	:white_check_mark: oracledb_session
platform	:white_check_mark: platform
os	:white_check_mark: os
os_env	:white_check_mark: os_env
packages	:white_check_mark: packages
parse_config	:white_check_mark: parse_config
parse_config_file	:white_check_mark: parse_config_file
passwd	:white_check_mark: passwd
pip	:white_check_mark: pip
port	:white_check_mark: port
postgres	:white_check_mark: postgres
postgres_conf	:white_check_mark: postgres_conf
postgres_hba_conf	:white_check_mark: postgres_hba_conf
postgres_ident_conf	:white_check_mark: postgres_ident_conf
postgres_session	:white_check_mark: postgres_session
powershell	:white_check_mark: powershell
script	:white_check_mark: script
processes	:white_check_mark: processes
rabbitmq_config	:white_check_mark: rabbitmq_config
registry_key	:white_check_mark: registry_key
windows_registry_key	:white_check_mark: windows_registry_key
security_identifier	:white_check_mark: security_identifier
security_policy	:white_check_mark: security_policy
service	:white_check_mark: service
systemd_service	:white_check_mark: systemd_service
upstart_service	:white_check_mark: upstart_service
sysv_service	:white_check_mark: sysv_service
bsd_service	:white_check_mark: bsd_service
launchd_service	:white_check_mark: launchd_service
runit_service	:white_check_mark: runit_service
shadow	:white_check_mark: shadow
ssh_config	:white_check_mark: ssh_config
sshd_config	:white_check_mark: sshd_config
ssl	:white_check_mark: ssl
sys_info	:white_check_mark: sys_info
toml	:white_check_mark: toml
users	:white_check_mark: users
user	:white_check_mark: user
vbscript	:white_check_mark: vbscript
virtualization	:white_check_mark: virtualization
windows_feature	:white_check_mark: windows_feature
windows_hotfix	:white_check_mark: windows_hotfix
windows_task	:white_check_mark: windows_task
wmi	:white_check_mark: wmi
x509_certificate	:white_check_mark: x509_certificate
xinetd_conf	:white_check_mark: xinetd_conf
yum	:white_check_mark: yum
zfs_dataset	:white_check_mark: zfs_dataset
zfs_pool	:white_check_mark: zfs_pool
yaml	:white_check_mark: yaml
csv	:white_check_mark: csv
ini	:white_check_mark: ini
xml	:white_check_mark: xml

Publishing

This describes the setup procedure for the tools and tokens required to publish the extension: https://code.visualstudio.com/docs/tools/vscecli

# Install the dependencies for the project
$ npm install
# Publish a version of the extension
$ npm publish (major|minor|patch)

Contributions

Contributions are welcomed, please create an issue and a pull requests via the project homepage.

Version History

Review the CHANGELOG.md

InSpec

Franklin Webber