README
¶
inspec-ssm-reporter
Overview
This is a utility to transform InSpec JSON into an AWS Compliance document
- Parses JSON from STDIN
- Transforms into an AWS Compliance Document
- Reports to SSM Compliance
Background
The default AWS-provided pattern leverages the Ruby environment provided by ChefDK and installs aws-sdk-ssm directly from Rubygems. Installing ChefDK for this is heavy-handed and not ideal at scale. Additionally, the scripts pull installation packages directly from the Internet which does not work in an air-gapped environment.
The goal here is to deploy InSpec by itself (much smaller package) and leverage this static Golang binary to handle the compliance reporting. This removes the need for a Ruby environment
AWS Equivalent
Calling Scripts
- http://aws-ssm-us-east-1.s3.amazonaws.com/inspec/run_inspec.ps1
- http://aws-ssm-us-east-1.s3.amazonaws.com/inspec/run_inspec.sh
Usage
Linux
inspec exec . --reporter json | inspec-ssm-reporter
if [ $? -ne 0 ]; then
echo "Failed to execute InSpec tests: see stderr"
EXITCODE=2
fi
Windows
$results=inspec exec . --reporter json 2> errors.txt
$results | inspec-ssm-reporter
if(!$?) {
Write-Host "Failed to execute InSpec tests: see stderr"
$EXITCODE=2
}
Development
- Use gvm under WSL
- gvm install go1.15.1
- Run
gofmtbefore committinggofmt -w .
InSpec JSON Model
Documentation
¶
There is no documentation for this package.
Source Files
Click to show internal directories.
Click to hide internal directories.