Hi folks, I've watched the project for a couple of years now and done some work with it. I'm grateful many of you took the time to get SSG where it's at. Recently I came across chef.io's Inspec and I thought hey, this seems to solve alot of the engineering challenges the SSG project seems to have, especially with multi-distro support. Github: https://github.com/chef/inspec Product: https://www.chef.io/inspec/
Here are some of the benefits my eyes see: * Content is centralized (less mutli-file editing for the same tests aka less XMHell :-) * Content is encouraged to be less distribution specific but allowed to be as specific as it needs, and this is encouraged inside a module, meaning less versions are floating around in the codebase * Declarative/Programmatic as opposed to Declaritive/document oriented - I'd say with the later case has led to somewhat awkward and hard write tests, in some cases * Can test active configuration as well as configuration file state * Looks significantly less verbose - as in saving 10x lines of sourcecode (not counting XML output) and developer productivity would be much higher * and as a possible benefit, I wouldn't be surprised if tests ran much faster - though I have done no extensive tests to show this. Most importantly I believe inspec could pave the way to all distros working off of a common and smaller codebase than the existing SSG implementation and be far less maintenance burden and as such I wanted to raise awareness and get a topic going on the ML. Inspec doesn't seem compatible out right with openscap (or maybe it is - they have bidirectional oval/xccdf consumers/emitters), but it IS aiming to replace OVAL/XCCDF as something more sane and just plain old better for the tasks. They also have tools for running it without scap tools involved of course so it doesn't have to lean on openscap et al, but for some people being seperate from SCAP tools is going to be a con and not a pro. _______________________________________________ scap-security-guide mailing list -- [email protected] To unsubscribe send an email to [email protected]
