Welcome
Welcome to the ansible-inspec documentation! This tool bridges infrastructure automation and compliance testing by combining Ansible's inventory management with InSpec's compliance framework.
What is ansible-inspec?
ansible-inspec is an enterprise-ready compliance automation platform that transforms how you approach infrastructure compliance. It provides both a powerful CLI for local testing and a production-grade server with REST API for automated compliance workflows at scale.
The Problem It Solves
Traditional compliance testing involves:
SSH-ing into servers manually or writing custom scripts
Maintaining separate inventories for compliance tools
Manually compiling results into spreadsheets
Spending hours generating reports for security teams
Repeating this process monthly for audits
With ansible-inspec, you:
✅ Use your existing Ansible inventory for compliance testing
✅ Run InSpec profiles without learning new tools
✅ Generate audit-ready reports automatically
✅ Convert InSpec profiles to pure Ansible (no InSpec needed!)
✅ Access 100+ pre-built profiles from Chef Supermarket
✅ Run compliance checks in parallel across your entire fleet
✅ Enterprise REST API with job templates and workflows
✅ Azure AD authentication and PostgreSQL database
✅ VCS integration with automatic Git sync
Key Features
🌐 Server Features
Enterprise Compliance Platform
REST API Server: FastAPI-based async API for automation
Job Templates: Reusable compliance check configurations
Workflow Orchestration: Chain multiple checks together
Azure AD Authentication: Enterprise SSO with RBAC
PostgreSQL Database: Scalable storage with Prisma ORM
VCS Integration: Auto-sync InSpec profiles from Git
Monitoring: Prometheus metrics and health checks
See Server Guide for complete server documentation.
🚀 CLI Features
1. Native InSpec Execution Run existing InSpec profiles using your Ansible inventory.
2. Profile Conversion (InSpec-Free Mode) Convert Ruby-based InSpec profiles to pure Ansible collections.
3. Chef Supermarket Integration Access 100+ pre-built compliance profiles instantly.
📊 Multi-Format Reporting
Generate compliance reports in multiple formats:
JSON - InSpec schema v5.22.0 compatible (works with Chef Automate)
HTML - Interactive dashboards with pass/fail statistics
JUnit - CI/CD integration for automated testing
CLI - Real-time output during execution
🐳 Flexible Deployment
Available in multiple formats:
PyPI -
pip install ansible-inspecDocker - Pre-built images with PostgreSQL
Docker Compose - Full stack deployment (API + Database)
Source - Install from GitHub for latest features
🔄 InSpec-Free Operation
Converted collections run with:
Zero InSpec dependency
Pure Ansible native modules
Automatic report generation via callback plugin
Ready-to-distribute .tar.gz files
Quick Start
Server Deployment (Recommended for Production)
Docker Compose:
See Server Guide, Database Setup, and Authentication.
CLI Installation
Option 1: PyPI (Recommended for CLI)
Option 2: Docker
Option 3: From Source
Your First Compliance Check
Step 1: Create an inventory file
Step 2: Run a compliance check
Step 3: Convert to InSpec-free mode
Use Cases
Monthly Compliance Reporting
CI/CD Integration
Parallel Fleet Scanning
Getting Help
GitHub Issues: Report bugs or request features
Documentation: Browse the sections in this guide
API Reference: See the API Documentation
License
ansible-inspec is licensed under GPL-3.0-or-later, combining:
Ansible (GPL-3.0)
InSpec (Apache-2.0)
See the LICENSE file for full details.
Ready to get started? Head to the Getting Started Guide →
Last updated