MintPress provides an Infrastructure testing framework with a human-readable language for specifying compliance, security and other policy requirements. When compliance is code, you can integrate automated tests that check for adherence to policy into any stage of your deployment pipeline.
Based on InSpec (www.inspec.io), MintSpec has been extended to provide a Weblogic DSL and is natively integrated into MintPress.
With MintSpec you can
- Dynamically generate your compliance policies from MintPress configuration (i.e. MintPress JSON files). Allow MintPress to perform automated TVT and compliance checking post build.
- Model your infrastructure compliance policies and security operating environment requirements as code
- Perform continuous compliance testing on your platform
- Monitor compliance testing results
Automated Technical Verification Testing with MintSpec
MintSpec can dynamically generate compliance policies from MintPress configuration files and perform automated Technical Verification Testing (TVT).
Example: In the example below, MintSpec will obtain the configuration of the OSB asset in the DEMO environment from the MintPress configuration repository, dynamically generate the compliance policies, and execute the tests against each node in the environment to verify compliance. These tests can be executed regularly to ensure compliance of the system against its configuration baseline.
$> mintspec --user mintpress \ --sudo \ --environment demo \ --asset-code osb \ --ssh-key ~/.ssh/my-ssh-key \ --format cli
Continuous Compliance Testing with MintSpec
Below is a sample of some compliance policies. Very extensible and flexible domain specific language (DSL) to describe your policies.
Learn more about MintPress