diff --git a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/cli.md b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/cli.md
index 11b4a730fc..f1ca0944e9 100644
--- a/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/cli.md
+++ b/_vendor/github.com/inspec/inspec/docs-chef-io/content/inspec/cli.md
@@ -31,101 +31,98 @@ inspec archive PATH
This subcommand has the following additional options:
-
---airgap, --no-airgap- Fallback to using local archives if fetching fails.
+`--airgap`
+`--no-airgap`
+: Fallback to using local archives if fetching fails.
---auto-install-gems, --no-auto-install-gems- Auto installs gem dependencies of the profile or resource pack.
+`--check`
+`--no-check`
+: Before running archive, run `inspec check`. Default: do not check.
---check, --no-check- Before running archive, run `inspec check`. Default: do not check.
+`--export`
+`--no-export`
+: Include an inspec.json file in the archive, the results of running `inspec export`.
---export, --no-export- Include an inspec.json file in the archive, the results of running `inspec export`.
+`--legacy-export`
+`--no-legacy-export`
+: Include an inspec.json file in the archive by utilizing information from the legacy export procedure, the results of running `inspec export --legacy-export`.
---ignore-errors, --no-ignore-errors- Ignore profile warnings.
+`--ignore-errors`
+`--no-ignore-errors`
+: Ignore profile warnings.
--o, --output=OUTPUT- Save the archive to a path.
+`-o`
+`--output=OUTPUT`
+: Save the archive to a path.
---overwrite, --no-overwrite- Overwrite existing archive.
+`--overwrite`
+`--no-overwrite`
+: Overwrite existing archive.
---profiles-path=PROFILES_PATH- Folder which contains referenced profiles.
+`--profiles-path=PROFILES_PATH`
+: Folder which contains referenced profiles.
---tar, --no-tar- Generates a tar.gz archive.
+`--tar`
+`--no-tar`
+: Generates a tar.gz archive.
---vendor-cache=VENDOR_CACHE- Use the given path for caching dependencies, (default: ~/.inspec/cache).
+`--vendor-cache=VENDOR_CACHE`
+: Use the given path for caching dependencies, (default: `~/.inspec/cache`).
---zip, --no-zip- Generates a zip archive.
+`--zip`
+`--no-zip`
+: Generates a zip archive.
-
-## check
-Verify the metadata in the `inspec.yml` file, verify that control blocks have the correct fields (title, description, impact), and define that all controls have visible tests and the controls are not using deprecated inspec dsl code
+## automate
+
+Communicates with Chef Automate.
### Syntax
This subcommand has the following syntax:
```bash
-inspec check PATH
+inspec automate SUBCOMMAND
```
-### Options
-
-This subcommand has the following additional options:
-
-
---auto-install-gems, --no-auto-install-gems- Auto installs gem dependencies of the profile or resource pack.
-
---format=FORMAT- The output format to use. Valid values: `json` and `doc`. Default value: `doc`.
-
---profiles-path=PROFILES_PATH- Folder which contains referenced profiles.
-
---vendor-cache=VENDOR_CACHE- Use the given path for caching dependencies, (default: ~/.inspec/cache).
-
---with-cookstyle, --no-with-cookstyle- Enable or disable cookstyle checks.
-
-
-
-## clear_cache
+## check
-Clears the inspec cache. useful for debugging.
+Verify the metadata in the `inspec.yml` file, verify that control blocks have the correct fields (title, description, impact), and define that all controls have visible tests and the controls are not using deprecated InSpec DSL code.
### Syntax
This subcommand has the following syntax:
```bash
-inspec clear_cache
+inspec check PATH
```
### Options
This subcommand has the following additional options:
-
---vendor-cache=VENDOR_CACHE- Use the given path for caching dependencies, (default: `~/.inspec/cache`).
+`--format=FORMAT`
+: The output format to use. Valid values: `json` and `doc`. Default value: `doc`.
-
+`--profiles-path=PROFILES_PATH`
+: Folder which contains referenced profiles.
+
+`--vendor-cache=VENDOR_CACHE`
+: Use the given path for caching dependencies, (default: `~/.inspec/cache`).
+
+`--with-cookstyle`
+`--no-with-cookstyle`
+: Enable or disable cookstyle checks.
+
+`--legacy-check`
+`--no-legacy-check`
+: Run check in legacy mode, which examines the profile in a different way. Default: use newer parser-based method.
## detect
-Detects the target os.
+Detects the target OS.
### Syntax
@@ -139,120 +136,126 @@ inspec detect
This subcommand has the following additional options:
-
--b, --backend=BACKEND- Choose a backend: local, ssh, winrm, docker.
-
---bastion-host=BASTION_HOST- Specifies the bastion host if applicable.
+`-b`
+`--backend=BACKEND`
+: Choose a backend: local, ssh, winrm, docker.
---bastion-port=BASTION_PORT- Specifies the bastion port if applicable.
+`--bastion-host=BASTION_HOST`
+: Specifies the bastion host if applicable.
---bastion-user=BASTION_USER- Specifies the bastion user if applicable.
+`--bastion-port=BASTION_PORT`
+: Specifies the bastion port if applicable.
---ca-trust-file=CA_TRUST_FILE- Specify CA certificate required for SSL authentication (WinRM).
+`--bastion-user=BASTION_USER`
+: Specifies the bastion user if applicable.
---client-cert=CLIENT_CERT- Specify client certificate for SSL authentication
+`--ca-trust-file=PATH_TO_CA_TRUST_FILE`
+: Specify CA certificate required for SSL authentication (WinRM).
---client-key=CLIENT_KEY- Specify client key required with client cert for SSL authentication
+`--client-cert=PATH_TO_CLIENT_CERTIFICATE`
+: Specify client certificate required for SSL authentication (WinRM).
---client-key-pass=CLIENT_KEY_PASS- Specify client cert password, if required for SSL authentication
+`--client-key=PATH_TO_CLIENT_KEY`
+: Specify client key required with client certificate for SSL authentication (WinRM).
---config=CONFIG- Read configuration from JSON file (`-` reads from stdin).
+`--client-key-pass=CLIENT_CERT_PASSWORD`
+: Specify client certificate password, if required for SSL authentication (WinRM).
---docker-url=DOCKER_URL- Provides path to Docker API endpoint (Docker). Defaults to unix:///var/run/docker.sock on Unix systems and tcp://localhost:2375 on Windows.
+`--config=CONFIG`
+: Read configuration from the JSON file (`-` reads from stdin).
---enable-password=ENABLE_PASSWORD- Password for enable mode on Cisco IOS devices.
+`--docker-url`
+: Provides a path to the Docker API endpoint (Docker).
---format=FORMAT--host=HOST- Specify a remote host which is tested.
+`--enable-password=ENABLE_PASSWORD`
+: Password for enable mode on Cisco IOS devices.
---insecure, --no-insecure- Disable SSL verification on select targets.
+`--format=FORMAT`
--i, --key-files=one two three- Login key or certificate file for a remote scan.
+`--host=HOST`
+: Specify a remote host which is tested.
---password=PASSWORD- Login password for a remote scan, if required.
+`--insecure`
+`--no-insecure`
+: Disable SSL verification on select targets.
---path=PATH- Login path to use when connecting to the target (WinRM).
+`-i`
+`--key-files=one two three`
+: Login key or certificate file for a remote scan.
---podman-url=PODMAN_URL- Provides the path to the Podman API endpoint. Defaults to unix:///run/user/$UID/podman/podman.sock for rootless container, unix:///run/podman/podman.sock for rootful container (for this you need to execute inspec as root user).
+`--password=PASSWORD`
+: Login password for a remote scan, if required.
--p, --port=N- Specify the login port for a remote scan.
+`--path=PATH`
+: Login path to use when connecting to the target (WinRM).
---proxy-command=PROXY_COMMAND- Specifies the command to use to connect to the server.
+`-p`
+`--port=N`
+: Specify the login port for a remote scan.
---self-signed, --no-self-signed- Allow remote scans with self-signed certificates (WinRM).
+`--podman-url`
+: Provides the path to the Podman API endpoint. Defaults to unix:///run/user/$UID/podman/podman.sock for rootless container, unix:///run/podman/podman.sock for rootful container (for this you need to execute inspec as root user).
---shell, --no-shell- Run scans in a subshell. Only activates on Unix.
+`--proxy-command=PROXY_COMMAND`
+: Specifies the command to use to connect to the server.
---shell-command=SHELL_COMMAND- Specify a particular shell to use.
+`--self-signed`
+`--no-self-signed`
+: Allow remote scans with self-signed certificates (WinRM).
---shell-options=SHELL_OPTIONS- Additional shell options.
+`--shell`
+`--no-shell`
+: Run scans in a subshell. Only activates on Unix.
---ssh-config-file=one two three- A list of paths to the ssh config file, e.g ~/.ssh/config or /etc/ssh/ssh_config.
+`--shell-command=SHELL_COMMAND`
+: Specify a particular shell to use.
---ssl, --no-ssl- Use SSL for transport layer encryption (WinRM).
+`--shell-options=SHELL_OPTIONS`
+: Additional shell options.
---ssl-peer-fingerprint=SSL_PEER_FINGERPRINT- Specify SSL peer fingerprint in place of certificates for SSL authentication (WinRM).
+`--ssl`
+`--no-ssl`
+: Use SSL for transport layer encryption (WinRM).
---sudo, --no-sudo- Run scans with sudo. Only activates on Unix and non-root user.
+`--ssl-peer-fingerprint`
+: Specify SSL peer fingerprint in place of certificates for SSL authentication (WinRM).
---sudo-command=SUDO_COMMAND- Alternate command for sudo.
+`--sudo`
+`--no-sudo`
+: Run scans with sudo. Only activates on Unix and non-root user.
---sudo-options=SUDO_OPTIONS- Additional sudo options for a remote scan.
+`--sudo-command=SUDO_COMMAND`
+: Alternate command for sudo.
---sudo-password=SUDO_PASSWORD- Specify a sudo password, if it is required.
+`--sudo-options=SUDO_OPTIONS`
+: Additional sudo options for a remote scan.
--t, --target=TARGET- Simple targeting option using URIs, e.g. ssh://user:pass@host:port
+`--sudo-password=SUDO_PASSWORD`
+: Specify a sudo password, if it is required.
---target-id=TARGET_ID- Provide an ID which will be included on reports - deprecated
+`-t`
+`--target=TARGET`
+: Simple targeting option using URIs, e.g. ssh://user:pass@host:port.
---user=USER- The login user for a remote scan.
+`--target-id=TARGET_ID`
+: Provide a ID which will be included on reports.
---winrm-basic-auth-only, --no-winrm-basic-auth-only- Whether to use basic authentication, defaults to false (WinRM).
+`--user=USER`
+: The login user for a remote scan.
---winrm-disable-sspi, --no-winrm-disable-sspi- Whether to use disable sspi authentication, defaults to false (WinRM).
+`--winrm-basic-auth-only`
+`--no-winrm-basic-auth-only`
+: Whether to use basic authentication, defaults to false (WinRM).
---winrm-shell-type=WINRM_SHELL_TYPE- Specify which shell type to use (powershell, elevated, or cmd), which defaults to powershell (WinRM).
+`--winrm-disable-sspi`
+`--no-winrm-disable-sspi`
+: Whether to use disable sspi authentication, defaults to false (WinRM).
---winrm-transport=WINRM_TRANSPORT- Specify which transport to use, defaults to negotiate (WinRM).
+`--winrm-transport=WINRM_TRANSPORT`
+: Specify which transport to use, defaults to negotiate (WinRM).
-
+`--winrm-shell-type=WINRM_SHELL_TYPE`
+: Specify which shell type to use (powershell, elevated, or cmd), which defaults to powershell (WinRM).
## env
@@ -270,78 +273,90 @@ inspec env
Run all test files at the specified locations.
-The subcommand loads the given profiles, fetches their dependencies if needed, then connects to the target and executes any controls in the profiles.
-One or more reporters are used to generate the output.
-```
-Exit codes:
- 0 Normal exit, all tests passed
- 1 Usage or general error
- 2 Error in plugin system
- 3 Fatal deprecation encountered
- 100 Normal exit, at least one test failed
- 101 Normal exit, at least one test skipped but none failed
- 172 Chef License not accepted
+The subcommand loads the given profiles, fetches their dependencies if needed, then connects to the target and executes any controls in the profiles. One or more reporters are used to generate the output.
+
+```ruby
+exit codes:
+ 0 normal exit, all tests passed
+ 1 usage or general error
+ 2 error in plugin system
+ 3 fatal deprecation encountered
+ 100 normal exit, at least one test failed
+ 101 normal exit, at least one test skipped but none failed
+ 172 chef license not accepted
```
-Below are some examples of using `exec` with different test LOCATIONS:
+Below are some examples of using `exec` with different test locations:
Chef Automate:
- ```
- inspec automate login
- inspec exec compliance://username/linux-baseline
- ```
- `inspec compliance` is a backwards compatible alias for `inspec automate` and works the same way:
- ```
- inspec compliance login
- ```
+
+```ruby
+inspec automate login
+inspec exec compliance://username/linux-baseline
+```
+
+`inspec compliance` is a backwards compatible alias for `inspec automate` and works the same way:
+
+```ruby
+inspec compliance login
+```
Chef Supermarket:
- ```
- inspec exec supermarket://username/linux-baseline
- ```
+
+```ruby
+inspec exec supermarket://username/linux-baseline
+inspec exec supermarket://username/linux-baseline --supermarket_url="https://privatesupermarket.example.com"
+```
Local profile (executes all tests in `controls/`):
- ```
- inspec exec /path/to/profile
- ```
-Local single test (doesn't allow inputs or custom resources)
- ```
- inspec exec /path/to/a_test.rb
- ```
+```ruby
+inspec exec /path/to/profile
+```
-Git via SSH
- ```
- inspec exec git@github.com:dev-sec/linux-baseline.git
- ```
+Local single test (doesn't allow inputs or custom resources):
+
+```ruby
+inspec exec /path/to/a_test.rb
+```
+
+Git via SSH:
+
+```ruby
+inspec exec git@github.com:dev-sec/linux-baseline.git
+```
Git via HTTPS (.git suffix is required):
- ```
- inspec exec https://github.com/dev-sec/linux-baseline.git
- ```
+
+```ruby
+inspec exec https://github.com/dev-sec/linux-baseline.git
+```
Private Git via HTTPS (.git suffix is required):
- ```
- inspec exec https://API_TOKEN@github.com/dev-sec/linux-baseline.git
- ```
+
+```ruby
+inspec exec https://api_token@github.com/dev-sec/linux-baseline.git
+```
Private Git via HTTPS and cached credentials (.git suffix is required):
- ```
- git config credential.helper cache
- git ls-remote https://github.com/dev-sec/linux-baseline.git
- inspec exec https://github.com/dev-sec/linux-baseline.git
- ```
-Web hosted file (also supports .zip):
- ```
- inspec exec https://webserver/linux-baseline.tar.gz
- ```
+```bash
+git config credential.helper cache
+git ls-remote https://github.com/dev-sec/linux-baseline.git
+inspec exec https://github.com/dev-sec/linux-baseline.git
+```
+
+Web-hosted file (also supports .zip):
+
+```bash
+inspec exec https://webserver/linux-baseline.tar.gz
+```
-Web hosted file with basic authentication (supports .zip):
- ```
- inspec exec https://username:password@webserver/linux-baseline.tar.gz
- ```
+Web-hosted file with basic authentication (supports .zip):
+```bash
+inspec exec https://username:password@webserver/linux-baseline.tar.gz
+```
### Syntax
@@ -355,197 +370,232 @@ inspec exec LOCATIONS
This subcommand has the following additional options:
-
---attrs=one two three- Legacy name for --input-file - deprecated.
+`--attrs=one two three`
+: Legacy name for --input-file - deprecated.
+
+`--auto-install-gems`
+: Auto installs gem dependencies of the profile or resource pack.
+
+`-b`
+`--backend=BACKEND`
+: Choose a backend: local, ssh, winrm, docker.
---auto-install-gems, --no-auto-install-gems- Auto installs gem dependencies of the profile or resource pack.
+`--backend-cache`
+`--no-backend-cache`
+: Allow caching for backend command output. (default: true).
--b, --backend=BACKEND- Choose a backend: local, ssh, winrm, docker.
+`--bastion-host=BASTION_HOST`
+: Specifies the bastion host if applicable.
---backend-cache, --no-backend-cache- Allow caching for backend command output. (default: true).
+`--bastion-port=BASTION_PORT`
+: Specifies the bastion port if applicable.
---bastion-host=BASTION_HOST- Specifies the bastion host if applicable.
+`--bastion-user=BASTION_USER`
+: Specifies the bastion user if applicable.
---bastion-port=BASTION_PORT- Specifies the bastion port if applicable.
+`--ca-trust-file=PATH_TO_CA_TRUST_FILE`
+: Specify CA certificate required for SSL authentication (WinRM).
---bastion-user=BASTION_USER- Specifies the bastion user if applicable.
+`--client-cert=PATH_TO_CLIENT_CERTIFICATE`
+: Specify client certificate required for SSL authentication (WinRM).
---ca-trust-file=CA_TRUST_FILE- Specify CA certificate required for SSL authentication (WinRM).
+`--client-key=PATH_TO_CLIENT_KEY`
+: Specify client key required with client certificate for SSL authentication (WinRM).
---client-cert=CLIENT_CERT- Specify client certificate for SSL authentication
+`--client-key-pass=CLIENT_CERT_PASSWORD`
+: Specify client certificate password, if required for SSL authentication (WinRM).
---client-key=CLIENT_KEY- Specify client key required with client cert for SSL authentication
+`--command-timeout=SECONDS`
+: Maximum seconds to allow a command to run.
---client-key-pass=CLIENT_KEY_PASS- Specify client cert password, if required for SSL authentication
+`--config=CONFIG`
+: Read configuration from the JSON file (`-` reads from stdin).
---command-timeout=N- Maximum seconds to allow commands to run during execution.
+`--controls=one two three`
+: A list of control names to run or a list of /regexes/ to match against control names. Ignore all other tests.
---config=CONFIG- Read configuration from JSON file (`-` reads from stdin).
+`--create-lockfile`
+`--no-create-lockfile`
+: Write out a lockfile based on this execution (unless one already exists).
---controls=one two three- A list of control names to run, or a list of /regexes/ to match against control names. Ignore all other tests.
+`--distinct-exit`
+`--no-distinct-exit`
+: Exit with code 101 if any tests fail and 100 if any are skipped (default). If disabled, exit 0 on skips and 1 for failures.
---create-lockfile, --no-create-lockfile- Write out a lockfile based on this execution (unless one already exists)
+`--docker-url`
+: Provides path to Docker API endpoint (Docker). Defaults to unix:///var/run/docker.sock on Unix systems and tcp://localhost:2375 on Windows.
---diff, --no-diff- Use --no-diff to suppress 'diff' output of failed textual test results.
+`--enable-password=ENABLE_PASSWORD`
+: Password for enable mode on Cisco IOS devices.
---distinct-exit, --no-distinct-exit- Exit with code 101 if any tests fail, and 100 if any are skipped (default). If disabled, exit 0 on skips and 1 for failures.
+`--filter-empty-profiles`
+`--no-filter-empty-profiles`
+: Filter empty profiles (profiles without controls) from the report.
---docker-url=DOCKER_URL- Provides path to Docker API endpoint (Docker). Defaults to unix:///var/run/docker.sock on Unix systems and tcp://localhost:2375 on Windows.
+`--filter-waived-controls`
+: Do not execute waived controls in InSpec at all. Must use with --waiver-file. Ignores the `run` setting of the waiver file.
---enable-password=ENABLE_PASSWORD- Password for enable mode on Cisco IOS devices.
+`--host=HOST`
+: Specify a remote host which is tested.
---enhanced-outcomes, --no-enhanced-outcomes- Show enhanced outcomes in output
+`--input=name1=value1 name2=value2`
+: Specify one or more inputs directly on the command line, as --input NAME=VALUE. Accepts single-quoted YAML and JSON structures.
---filter-empty-profiles, --no-filter-empty-profiles- Filter empty profiles (profiles without controls) from the report.
+`--input-file=one two three`
+: Load one or more input files, a YAML file with values for the profile to use.
---filter-waived-controls, --no-filter-waived-controls- Do not execute waived controls in InSpec at all. Must use with --waiver-file. Ignores the `run` setting of the waiver file.
+`--insecure`
+`--no-insecure`
+: Disable SSL verification on select targets.
---host=HOST- Specify a remote host which is tested.
+`-i`
+`--key-files=one two three`
+: Login key or certificate file for a remote scan.
---input=name1=value1 name2=value2- Specify one or more inputs directly on the command line, as --input NAME=VALUE. Accepts single-quoted YAML and JSON structures.
+`--password=PASSWORD`
+: Login password for a remote scan, if required.
---input-file=one two three- Load one or more input files, a YAML file with values for the profile to use.
+`--path=PATH`
+: Login path to use when connecting to the target (WinRM).
---insecure, --no-insecure- Disable SSL verification on select targets.
+`-p`
+`--port=N`
+: Specify the login port for a remote scan.
--i, --key-files=one two three- Login key or certificate file for a remote scan.
+`--podman-url`
+: Provides the path to the Podman API endpoint. Defaults to unix:///run/user/$UID/podman/podman.sock for rootless container, unix:///run/podman/podman.sock for rootful container (for this you need to execute inspec as root user).
---password=PASSWORD- Login password for a remote scan, if required.
+`--profiles-path=PROFILES_PATH`
+: Folder which contains referenced profiles.
---path=PATH- Login path to use when connecting to the target (WinRM).
+`--proxy-command=PROXY_COMMAND`
+: Specifies the command to use to connect to the server.
---podman-url=PODMAN_URL- Provides the path to the Podman API endpoint. Defaults to unix:///run/user/$UID/podman/podman.sock for rootless container, unix:///run/podman/podman.sock for rootful container (for this you need to execute inspec as root user).
+`--reporter=one two:/output/file/path`
+: Enable one or more output reporters: cli, documentation, html2, progress, progress-bar, json, json-min, json-rspec, junit2, yaml.
--p, --port=N- Specify the login port for a remote scan.
+`--reporter-backtrace-inclusion`
+`--no-reporter-backtrace-inclusion`
+: Include a code backtrace in report data (default: true).
---profiles-path=PROFILES_PATH- Folder which contains referenced profiles.
+`--reporter-include-source`
+: Include full source code of controls in the CLI report.
---proxy-command=PROXY_COMMAND- Specifies the command to use to connect to the server.
+`--reporter-message-truncation=REPORTER_MESSAGE_TRUNCATION`
+: Number of characters to truncate failure messages in report data (default: no truncation).
---reporter=one two:/output/file/path- Enable one or more output reporters: cli, documentation, html, progress, progress-bar, json, json-min, json-rspec, junit, yaml
+`--self-signed`
+`--no-self-signed`
+: Allow remote scans with self-signed certificates (WinRM).
---reporter-backtrace-inclusion, --no-reporter-backtrace-inclusion- Include a code backtrace in report data (default: true)
+`--shell`
+`--no-shell`
+: Run scans in a subshell. Only activates on Unix.
---reporter-include-source, --no-reporter-include-source- Include full source code of controls in the CLI report
+`--shell-command=SHELL_COMMAND`
+: Specify a particular shell to use.
---reporter-message-truncation=REPORTER_MESSAGE_TRUNCATION- Number of characters to truncate failure messages and code_desc in report data to (default: no truncation)
+`--shell-options=SHELL_OPTIONS`
+: Additional shell options.
---retain-waiver-data, --no-retain-waiver-data- EXPERIMENTAL: Only works in conjunction with --filter-waived-controls, retains waiver data about controls that were skipped
+`--show-progress`
+`--no-show-progress`
+: Show progress while executing tests.
---self-signed, --no-self-signed- Allow remote scans with self-signed certificates (WinRM).
+`--silence-deprecations=all|GROUP GROUP...`
+: Suppress deprecation warnings. See install_dir/etc/deprecations.json for a list of GROUPs or use 'all'.
---shell, --no-shell- Run scans in a subshell. Only activates on Unix.
+`--ssh-config-file=one two three`
+: A list of paths to the SSH configuration file, for example: `~/.ssh/config` or `/etc/ssh/ssh_config`.
---shell-command=SHELL_COMMAND- Specify a particular shell to use.
+`--ssl`
+`--no-ssl`
+: Use SSL for transport layer encryption (WinRM).
---shell-options=SHELL_OPTIONS- Additional shell options.
+`--ssl-peer-fingerprint`
+: Specify SSL peer fingerprint in place of certificates for SSL authentication (WinRM).
---show-progress, --no-show-progress- Show progress while executing tests.
+`--sudo`
+`--no-sudo`
+: Run scans with sudo. Only activates on Unix and non-root user.
---silence-deprecations=all|GROUP GROUP...- Suppress deprecation warnings. See install_dir/etc/deprecations.json for a list of GROUPs or use 'all'.
+`--sudo-command=SUDO_COMMAND`
+: Alternate command for sudo.
---sort-results-by=--sort-results-by=none|control|file|random- After normal execution order, results are sorted by control ID, or by file (default), or randomly. None uses legacy unsorted mode.
+`--sudo-options=SUDO_OPTIONS`
+: Additional sudo options for a remote scan.
---ssh-config-file=one two three- A list of paths to the ssh config file, e.g ~/.ssh/config or /etc/ssh/ssh_config.
+`--sudo-password=SUDO_PASSWORD`
+: Specify a sudo password, if it is required.
---ssl, --no-ssl- Use SSL for transport layer encryption (WinRM).
+`-t`
+`--target=TARGET`
+: Simple targeting option using URIs, e.g. ssh://user:pass@host:port.
---ssl-peer-fingerprint=SSL_PEER_FINGERPRINT- Specify SSL peer fingerprint in place of certificates for SSL authentication (WinRM).
+`--target-id=TARGET_ID`
+: Provide an ID that is included on reports - deprecated.
---sudo, --no-sudo- Run scans with sudo. Only activates on Unix and non-root user.
+`--tags=one two three`
+: A list of tags or regular expressions that match tags. `exec` will run controls referenced by the listed or matching tags.
---sudo-command=SUDO_COMMAND- Alternate command for sudo.
+`--user=USER`
+: The login user for a remote scan.
---sudo-options=SUDO_OPTIONS- Additional sudo options for a remote scan.
+`--vendor-cache=VENDOR_CACHE`
+: Use the given path for caching dependencies. (default: `~/.inspec/cache`).
---sudo-password=SUDO_PASSWORD- Specify a sudo password, if it is required.
+`--waiver-file=one two three`
+: Load one or more waiver files.
---supermarket-url=SUPERMARKET_URL- Specify the URL of a private Chef Supermarket.
+`--winrm-basic-auth-only`
+`--no-winrm-basic-auth-only`
+: Whether to use basic authentication, defaults to false (WinRM).
---tags=one two three- A list of tags names that are part of controls to filter and run controls, or a list of /regexes/ to match against tags names of controls. Ignore all other tests.
+`--winrm-disable-sspi`
+`--no-winrm-disable-sspi`
+: Whether to use disable sspi authentication, defaults to false (WinRM).
--t, --target=TARGET- Simple targeting option using URIs, e.g. ssh://user:pass@host:port
+`--winrm-transport=WINRM_TRANSPORT`
+: Specify which transport to use, defaults to negotiate (WinRM).
---target-id=TARGET_ID- Provide an ID which will be included on reports - deprecated
+`--enhanced-outcomes`
+: Includes enhanced outcome of controls in report data.
---user=USER- The login user for a remote scan.
+## habitat
---vendor-cache=VENDOR_CACHE- Use the given path for caching dependencies, (default: ~/.inspec/cache).
+Create a Chef Habitat package.
---waiver-file=one two three- Load one or more waiver files.
+### Syntax
+
+This subcommand has the following syntax:
---winrm-basic-auth-only, --no-winrm-basic-auth-only- Whether to use basic authentication, defaults to false (WinRM).
+```bash
+inspec habitat SUBCOMMAND
+```
---winrm-disable-sspi, --no-winrm-disable-sspi- Whether to use disable sspi authentication, defaults to false (WinRM).
+## help
---winrm-shell-type=WINRM_SHELL_TYPE- Specify which shell type to use (powershell, elevated, or cmd), which defaults to powershell (WinRM).
+Describe available commands or one specific command.
---winrm-transport=WINRM_TRANSPORT- Specify which transport to use, defaults to negotiate (WinRM).
+### Syntax
-
+This subcommand has the following syntax:
+
+```bash
+inspec help [COMMAND]
+```
+
+## init
+
+Scaffold a new project.
+
+### Syntax
+
+This subcommand has the following syntax:
+
+```bash
+inspec init TEMPLATE
+```
## export
@@ -563,97 +613,123 @@ inspec export PATH
This subcommand has the following additional options:
-
---auto-install-gems, --no-auto-install-gems- Auto installs gem dependencies of the profile or resource pack.
+`--what=WHAT`
+: What to export: profile (default), readme, metadata.
---controls=one two three- For --what=profile, a list of controls to include. Ignore all other tests.
+`--controls=one two three`
+: For --what=profile, a list of controls to include. Other controls are ignored..
---format=FORMAT- The output format to use: json, raw, yaml. If valid format is not provided then it will use the default for the given 'what'.
+`--format=FORMAT`
+: The output format to use: json, raw, yaml. If valid format is not provided then it will use the default for the given 'what'.
--o, --output=OUTPUT- Save the created output to a path.
+`--legacy-export`
+`--no-legacy-export`
+: Run with legacy export.
---profiles-path=PROFILES_PATH- Folder which contains referenced profiles.
+`-o`
+`--output=OUTPUT`
+: Save the created output to a path.
---tags=one two three- For --what=profile, a list of tags to filter controls and include only those. Ignore all other tests.
+`--profiles-path=PROFILES_PATH`
+: Folder which contains referenced profiles.
---vendor-cache=VENDOR_CACHE- Use the given path for caching dependencies, (default: ~/.inspec/cache).
+`--tags=one two three`
+: For --what=profile, a list of tags to filter controls and include only those. Other controls are ignored.
---what=WHAT- What to export: profile (default), readme, metadata.
+`--vendor-cache=VENDOR_CACHE`
+: Use the given path for caching dependencies, (default: `~/.inspec/cache`).
-
-
-## help
+## json
-Describe available commands or one specific command
+Read all tests in the path and generate a json summary.
### Syntax
This subcommand has the following syntax:
```bash
-inspec help [COMMAND]
+inspec json PATH
```
-## json
+### Options
-Read all tests in the path and generate a json summary.
+This subcommand has the following additional options:
-### Syntax
+`--controls=one two three`
+: A list of controls to include. Ignore all other tests.
-This subcommand has the following syntax:
+`--legacy-export`
+`--no-legacy-export`
+: Run with legacy export.
+
+`-o`
+`--output=OUTPUT`
+: Save the created profile to a path.
+
+`--profiles-path=PROFILES_PATH`
+: Folder which contains referenced profiles.
+
+`--tags=one two three`
+: A list of tags that reference specific controls. Other controls are ignored.
+
+`--vendor-cache=VENDOR_CACHE`
+: Use the given path for caching dependencies. (default: `~/.inspec/cache`).
+
+## license
+
+Subcommands for interacting with the Chef licensing system.
+
+`inspec license` supports two subcommands, `add` and `list`.
+
+### license add
+
+Add a Chef license.
+
+Not applicable for users running a Chef Private Licensing Service.
+
+#### Syntax
```bash
-inspec json PATH
+inspec license add
```
-### Options
+### license list
-This subcommand has the following additional options:
+Run license diagnostics and output the details of your current Chef license configuration.
-
---auto-install-gems, --no-auto-install-gems- Auto installs gem dependencies of the profile or resource pack.
+#### Syntax
---controls=one two three- A list of controls to include. Ignore all other tests.
+```bash
+inspec license list
+```
--o, --output=OUTPUT- Save the created profile to a path.
+## nothing
---profiles-path=PROFILES_PATH- Folder which contains referenced profiles.
+Does nothing.
---tags=one two three- A list of tags to filter controls and include only those. Ignore all other tests.
+### Syntax
---vendor-cache=VENDOR_CACHE- Use the given path for caching dependencies, (default: ~/.inspec/cache).
+This subcommand has the following syntax:
-
+```bash
+inspec nothing
+```
-## run_context
+## plugin
-Used to test run-context detection
+Install and manage [Chef InSpec plugins](/inspec/plugins/).
### Syntax
This subcommand has the following syntax:
```bash
-inspec run_context
+inspec plugin SUBCOMMAND
```
## schema
-Print the json schema
+Print the json schema.
### Syntax
@@ -665,13 +741,10 @@ inspec schema NAME
### Options
-This subcommand has the following additional options:
-
-
---enhanced-outcomes, --no-enhanced-outcomes- Show enhanced outcomes output
+This subcommand has the following additional option:
-
+`--enhanced-outcomes`
+: Includes enhanced outcome of controls in report data.
## shell
@@ -689,150 +762,152 @@ inspec shell
This subcommand has the following additional options:
-
--b, --backend=BACKEND- Choose a backend: local, ssh, winrm, docker.
-
---bastion-host=BASTION_HOST- Specifies the bastion host if applicable.
-
---bastion-port=BASTION_PORT- Specifies the bastion port if applicable.
-
---bastion-user=BASTION_USER- Specifies the bastion user if applicable.
-
---ca-trust-file=CA_TRUST_FILE- Specify CA certificate required for SSL authentication (WinRM).
+`-b`
+`--backend=BACKEND`
+: Choose a backend: local, ssh, winrm, docker.
---client-cert=CLIENT_CERT- Specify client certificate for SSL authentication
+`--bastion-host=BASTION_HOST`
+: Specifies the bastion host if applicable.
---client-key=CLIENT_KEY- Specify client key required with client cert for SSL authentication
+`--bastion-port=BASTION_PORT`
+: Specifies the bastion port if applicable.
---client-key-pass=CLIENT_KEY_PASS- Specify client cert password, if required for SSL authentication
+`--bastion-user=BASTION_USER`
+: Specifies the bastion user if applicable.
--c, --command=COMMAND- A single command string to run instead of launching the shell
+`-c`
+`--command=COMMAND`
+: A single command string to run instead of launching the shell.
---command-timeout=N- Maximum seconds to allow a command to run.
+`--command-timeout=SECONDS`
+: Maximum seconds to allow a command to run.
---config=CONFIG- Read configuration from JSON file (`-` reads from stdin).
+`--ca-trust-file=PATH_TO_CA_TRUST_FILE`
+: Specify CA certificate required for SSL authentication (WinRM).
---depends=one two three- A space-delimited list of local folders containing profiles whose libraries and resources will be loaded into the new shell
+`--client-cert=PATH_TO_CLIENT_CERTIFICATE`
+: Specify client certificate required for SSL authentication (WinRM).
---distinct-exit, --no-distinct-exit- Exit with code 100 if any tests fail, and 101 if any are skipped but none failed (default). If disabled, exit 0 on skips and 1 for failures.
+`--client-key=PATH_TO_CLIENT_KEY`
+: Specify client key required with client certificate for SSL authentication (WinRM).
---docker-url=DOCKER_URL- Provides path to Docker API endpoint (Docker). Defaults to unix:///var/run/docker.sock on Unix systems and tcp://localhost:2375 on Windows.
+`--client-key-pass=CLIENT_CERT_PASSWORD`
+: Specify client certificate password, if required for SSL authentication (WinRM).
---enable-password=ENABLE_PASSWORD- Password for enable mode on Cisco IOS devices.
+`--config=CONFIG`
+: Read configuration from the JSON file (`-` reads from stdin).
---enhanced-outcomes, --no-enhanced-outcomes- Show enhanced outcomes in output
+`--depends=one two three`
+: A space-delimited list of local folders containing profiles whose libraries and resources will be loaded into the new shell.
---host=HOST- Specify a remote host which is tested.
+`--distinct-exit`
+`--no-distinct-exit`
+: Exit with code 100 if any tests fail and 101 if any are skipped, but none failed (default). If disabled, exit 0 on skips and 1 for failures.
---input=name1=value1 name2=value2- Specify one or more inputs directly on the command line to the shell, as --input NAME=VALUE. Accepts single-quoted YAML and JSON structures.
+`--docker-url`
+: Provides path to Docker API endpoint (Docker). Defaults to unix:///var/run/docker.sock on Unix systems and tcp://localhost:2375 on Windows.
---input-file=one two three- Load one or more input files, a YAML file with values for the shell to use
+`--enable-password=ENABLE_PASSWORD`
+: Password for enable mode on Cisco IOS devices.
---insecure, --no-insecure- Disable SSL verification on select targets.
+`--host=HOST`
+: Specify a remote host which is tested.
---inspect, --no-inspect- Use verbose/debugging output for resources.
+`--insecure`
+`--no-insecure`
+: Disable SSL verification on select targets.
--i, --key-files=one two three- Login key or certificate file for a remote scan.
+`--inspect`
+`--no-inspect`
+: Use verbose/debugging output for resources.
---password=PASSWORD- Login password for a remote scan, if required.
+`-i`
+`--key-files=one two three`
+: Login key or certificate file for a remote scan.
---path=PATH- Login path to use when connecting to the target (WinRM).
+`--password=PASSWORD`
+: Login password for a remote scan, if required.
---podman-url=PODMAN_URL- Provides the path to the Podman API endpoint. Defaults to unix:///run/user/$UID/podman/podman.sock for rootless container, unix:///run/podman/podman.sock for rootful container (for this you need to execute inspec as root user).
+`--path=PATH`
+: Login path to use when connecting to the target (WinRM).
--p, --port=N- Specify the login port for a remote scan.
+`-p`
+`--port=N`
+: Specify the login port for a remote scan.
---proxy-command=PROXY_COMMAND- Specifies the command to use to connect to the server.
+`--podman-url`
+: Provides the path to the Podman API endpoint. Defaults to unix:///run/user/$UID/podman/podman.sock for rootless container, unix:///run/podman/podman.sock for rootful container (for this you need to execute inspec as root user).
---reporter=one two:/output/file/path- Enable one or more output reporters: cli, documentation, html, progress, json, json-min, json-rspec, junit
+`--proxy-command=PROXY_COMMAND`
+: Specifies the command to use to connect to the server.
---self-signed, --no-self-signed- Allow remote scans with self-signed certificates (WinRM).
+`--reporter=one two:/output/file/path`
+: Enable one or more output reporters: cli, documentation, html2, progress, json, json-min, json-rspec, junit2.
---shell, --no-shell- Run scans in a subshell. Only activates on Unix.
+`--self-signed`
+`--no-self-signed`
+: Allow remote scans with self-signed certificates (WinRM).
---shell-command=SHELL_COMMAND- Specify a particular shell to use.
+`--shell`
+`--no-shell`
+: Run scans in a subshell. Only activates on Unix.
---shell-options=SHELL_OPTIONS- Additional shell options.
+`--shell-command=SHELL_COMMAND`
+: Specify a particular shell to use.
---ssh-config-file=one two three- A list of paths to the ssh config file, e.g ~/.ssh/config or /etc/ssh/ssh_config.
+`--shell-options=SHELL_OPTIONS`
+: Additional shell options.
---ssl, --no-ssl- Use SSL for transport layer encryption (WinRM).
+`--ssh-config-file=one two three`
+: A list of paths to the SSH configuration file, for example: `~/.ssh/config` or `/etc/ssh/ssh_config`.
---ssl-peer-fingerprint=SSL_PEER_FINGERPRINT- Specify SSL peer fingerprint in place of certificates for SSL authentication (WinRM).
+`--ssl`
+`--no-ssl`
+: Use SSL for transport layer encryption (WinRM).
---sudo, --no-sudo- Run scans with sudo. Only activates on Unix and non-root user.
+`--ssl-peer-fingerprint=SSL_PEER_FINGERPRINT`
+: Specify SSL peer fingerprint in place of certificates for SSL authentication (WinRM).
---sudo-command=SUDO_COMMAND- Alternate command for sudo.
+`--sudo`
+`--no-sudo`
+: Run scans with sudo. Only activates on Unix and non-root user.
---sudo-options=SUDO_OPTIONS- Additional sudo options for a remote scan.
+`--sudo-command=SUDO_COMMAND`
+: Alternate command for sudo.
---sudo-password=SUDO_PASSWORD- Specify a sudo password, if it is required.
+`--sudo-options=SUDO_OPTIONS`
+: Additional sudo options for a remote scan.
--t, --target=TARGET- Simple targeting option using URIs, e.g. ssh://user:pass@host:port
+`--sudo-password=SUDO_PASSWORD`
+: Specify a sudo password, if it is required.
---target-id=TARGET_ID- Provide an ID which will be included on reports - deprecated
+`-t`
+`--target=TARGET`
+: Simple targeting option using URIs, e.g. ssh://user:pass@host:port.
---user=USER- The login user for a remote scan.
+`--target-id=TARGET_ID`
+: Provide a ID which will be included on reports.
---winrm-basic-auth-only, --no-winrm-basic-auth-only- Whether to use basic authentication, defaults to false (WinRM).
+`--user=USER`
+: The login user for a remote scan.
---winrm-disable-sspi, --no-winrm-disable-sspi- Whether to use disable sspi authentication, defaults to false (WinRM).
+`--winrm-basic-auth-only`
+`--no-winrm-basic-auth-only`
+: Whether to use basic authentication, defaults to false (WinRM).
---winrm-shell-type=WINRM_SHELL_TYPE- Specify which shell type to use (powershell, elevated, or cmd), which defaults to powershell (WinRM).
+`--winrm-disable-sspi`
+`--no-winrm-disable-sspi`
+: Whether to use disable sspi authentication, defaults to false (WinRM).
---winrm-transport=WINRM_TRANSPORT- Specify which transport to use, defaults to negotiate (WinRM).
+`--winrm-transport=WINRM_TRANSPORT`
+: Specify which transport to use, defaults to negotiate (WinRM).
-
+`--enhanced-outcomes`
+: Includes enhanced outcome of controls in report data.
## supermarket
-Supermarket commands
+Supermarket commands.
### Syntax
@@ -842,9 +917,16 @@ This subcommand has the following syntax:
inspec supermarket SUBCOMMAND ...
```
+### Options
+
+This subcommand has additional options:
+
+`--supermarket_url`
+: Specify the URL of a private Chef Supermarket.
+
## vendor
-Download all dependencies and generate a lockfile in a `vendor` directory
+Download all dependencies and generate a lockfile in a `vendor` directory.
### Syntax
@@ -856,13 +938,11 @@ inspec vendor PATH
### Options
-This subcommand has the following additional options:
-
-
---overwrite, --no-overwrite- Overwrite existing vendored dependencies and lockfile.
+This subcommand has additional options:
-
+`--overwrite`
+`--no-overwrite`
+: Overwrite existing vendored dependencies and lockfiles.
## version
@@ -880,7 +960,4 @@ inspec version
This subcommand has the following additional options:
-
---format=FORMAT
-
+`--format=FORMAT`
diff --git a/_vendor/modules.txt b/_vendor/modules.txt
index a068ff00c8..1a4cf8fcba 100644
--- a/_vendor/modules.txt
+++ b/_vendor/modules.txt
@@ -2,7 +2,7 @@
# github.com/chef/desktop-config/docs-chef-io v0.0.0-20230711052355-bad26ce3ac0b
# github.com/habitat-sh/habitat/components/docs-chef-io v0.0.0-20230808222519-d0c20bbe8c45
# github.com/chef/chef-server/docs-chef-io v0.0.0-20230929110551-e5bebd3e433d
-# github.com/inspec/inspec/docs-chef-io v0.0.0-20231024163740-0eb1d36b0765
+# github.com/inspec/inspec/docs-chef-io v0.0.0-20231114134014-655f2932b1cd
# github.com/inspec/inspec-alicloud/docs-chef-io v0.0.0-20220614123852-e453ba687370
# github.com/inspec/inspec-aws/docs-chef-io v0.0.0-20220228151600-69aa036b1527
# github.com/inspec/inspec-azure/docs-chef-io v0.0.0-20220228040450-e1b23e65979a
diff --git a/go.mod b/go.mod
index 117686b2ee..5900beac49 100644
--- a/go.mod
+++ b/go.mod
@@ -18,7 +18,7 @@ require (
github.com/inspec/inspec-azure/docs-chef-io v0.0.0-20220228040450-e1b23e65979a // indirect
github.com/inspec/inspec-habitat/docs-chef-io v0.0.0-20220218210405-bfd542da49fd // indirect
github.com/inspec/inspec-k8s/docs-chef-io v0.0.0-20230522203306-c23ca61f913f // indirect
- github.com/inspec/inspec/docs-chef-io v0.0.0-20231024163740-0eb1d36b0765 // indirect
+ github.com/inspec/inspec/docs-chef-io v0.0.0-20231114134014-655f2932b1cd // indirect
github.com/swiftype/swiftype-autocomplete-jquery v0.0.0-20190222215504-a90008d64b30 // indirect
github.com/swiftype/swiftype-search-jquery v1.1.0 // indirect
github.com/twitter/hogan.js v3.0.2+incompatible // indirect
diff --git a/go.sum b/go.sum
index bd4481b95b..f730e37f4c 100644
--- a/go.sum
+++ b/go.sum
@@ -49,8 +49,8 @@ github.com/inspec/inspec-habitat/docs-chef-io v0.0.0-20220218210405-bfd542da49fd
github.com/inspec/inspec-habitat/docs-chef-io v0.0.0-20220218210405-bfd542da49fd/go.mod h1:Q4E7QBY4b7HDE2psfGT9jqvnLq1yfg5e9KWK4VTtI/M=
github.com/inspec/inspec-k8s/docs-chef-io v0.0.0-20230522203306-c23ca61f913f h1:eJqWm/xPdUtbxEF3dewePl7ahkob0IoSfs93QEcykt0=
github.com/inspec/inspec-k8s/docs-chef-io v0.0.0-20230522203306-c23ca61f913f/go.mod h1:JwjkNHKgELWxc9esXuK3ELEGL371pK496OKrK+te3Lk=
-github.com/inspec/inspec/docs-chef-io v0.0.0-20231024163740-0eb1d36b0765 h1:gTtGdSh3oeCtrz3hmU149Lro9GBApRkxMqsLObiNduw=
-github.com/inspec/inspec/docs-chef-io v0.0.0-20231024163740-0eb1d36b0765/go.mod h1:oudFvipU0DTMkp8+MiwdUGerVEoWcJG0MQciDEOd6G8=
+github.com/inspec/inspec/docs-chef-io v0.0.0-20231114134014-655f2932b1cd h1:iostV9gaDRSXPS2sT5pz8A/KWIJaZV3vZhyld150jtY=
+github.com/inspec/inspec/docs-chef-io v0.0.0-20231114134014-655f2932b1cd/go.mod h1:oudFvipU0DTMkp8+MiwdUGerVEoWcJG0MQciDEOd6G8=
github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
github.com/swiftype/swiftype-autocomplete-jquery v0.0.0-20190222215504-a90008d64b30 h1:dhqLFBINtD1rMwwd5s9INu4BkciCvQUd+r+CWUYWIB4=
github.com/swiftype/swiftype-autocomplete-jquery v0.0.0-20190222215504-a90008d64b30/go.mod h1:qnxTyatkwE84LvoaQLPaLB4h5M3n6Q2z+SB/96DcAK8=