Skip to content

How to Create an InSpec Profile Release

Jump to bottom
George M. Dias edited this page Jul 19, 2024 · 4 revisions

The process of creating an InSecc Profile release is as follows (includes cloning the repo).

Set up the development environment

  • Clone the repo for the InSpec Profile being updated
  • Create a new branch. Brach name format is as follows:
    • v{x}r{y}.{z}, the format represent the changes between releases of the benchmark. The values align with the STIG releases for the Benchmark found at the DISA STIG Document Library where:
      • {x} aligns to the Version of the STIG Benchmark,
      • {y} aligns to the Release of the Benchmark, and
      • {z} aligns to the 'Release' of the tagged release of the profile as we fix or improve the tests.
  • Create a pull request (PR) where all changes are tracked
  • Make the necessary updates/modifications

Release based on updates criteria

Updating MINOR or PATCH version

  • Create the new release tag full name (e.g., tag name full: v1.13.4) by invoking the following command:
    • git tag -a <tagNameFull>
  • Delete previous major release tag (e.g., tag name major: v1) by invoking the following command:
    • git push --delete origin <tagNameMajor>
  • Re-add the major release tag (e.g., tag name major: v1) to reference the latest semantic version tag by invoking the following command:
    • git tag -f -a <tagNameMajor>
  • Push the tags to the remote repository by invoking the following command:
    • git push --atomic origin main <tagNameFull> <tagNameMajor>
  • If you receive an error when pushing the tag, try pushing individually with:
    • git push origin tag <tagNameFull>
    • git push origin tag <tagNameMajor>

Tip

  • To view current tags use the command git tag
  • If annotation is need use the -m when creating the tag (e.g., git tag -a -m "Annotation goes here" <tagNameFull>)
  • The annotation will be displayed in the release notes
  • Notice that when adding (Re-add) the major release tag the command includes a force flag: -f.

Update MAJOR version

  • Create the new release tag full name (e.g., tag name full: v1.13.4) by invoking the following command:
    • git tag -a <tagNameFull>
  • Add the new major release tag (e.g., tag name major: v2) to reference the latest semantic version tag by invoking the following command:
    • git tag -f -a <tagNameMajor>
  • Push the tags to the remote repository by invoking the following command:
    • git push --atomic origin <branch name> <tagNameFull> <tagNameMajor>

Streamline security automation for systems and DevOps pipelines with the SAF CLI

image

SAF CLI

Support utility for security automation

Table of Contents

Common Instructions

Developers Corner

Clone this wiki locally