inspec 2.1.84 → 2.2.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (43) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +31 -8
  3. data/README.md +1 -0
  4. data/docs/dev/filtertable-internals.md +353 -0
  5. data/docs/dev/filtertable-usage.md +533 -0
  6. data/docs/matchers.md +36 -36
  7. data/docs/profiles.md +2 -2
  8. data/docs/resources/apache.md.erb +1 -1
  9. data/docs/resources/aws_elb.md.erb +144 -0
  10. data/docs/resources/aws_elbs.md.erb +242 -0
  11. data/docs/resources/aws_flow_log.md.erb +118 -0
  12. data/docs/resources/aws_iam_groups.md.erb +34 -1
  13. data/docs/resources/crontab.md.erb +10 -6
  14. data/docs/resources/dh_params.md.erb +71 -65
  15. data/docs/resources/docker_service.md.erb +1 -1
  16. data/docs/resources/etc_fstab.md.erb +1 -1
  17. data/docs/resources/firewalld.md.erb +1 -1
  18. data/docs/resources/http.md.erb +1 -1
  19. data/docs/resources/iis_app.md.erb +1 -1
  20. data/docs/resources/inetd_conf.md.erb +1 -1
  21. data/docs/resources/nginx.md.erb +1 -1
  22. data/docs/resources/npm.md.erb +9 -1
  23. data/docs/resources/os.md.erb +21 -19
  24. data/docs/resources/shadow.md.erb +37 -31
  25. data/docs/resources/x509_certificate.md.erb +2 -2
  26. data/examples/custom-resource/README.md +3 -0
  27. data/examples/custom-resource/controls/example.rb +7 -0
  28. data/examples/custom-resource/inspec.yml +8 -0
  29. data/examples/custom-resource/libraries/batsignal.rb +20 -0
  30. data/examples/custom-resource/libraries/gordon.rb +21 -0
  31. data/lib/inspec/reporters/junit.rb +1 -0
  32. data/lib/inspec/resource.rb +8 -0
  33. data/lib/inspec/version.rb +1 -1
  34. data/lib/resource_support/aws.rb +3 -0
  35. data/lib/resources/aws/aws_elb.rb +81 -0
  36. data/lib/resources/aws/aws_elbs.rb +78 -0
  37. data/lib/resources/aws/aws_flow_log.rb +102 -0
  38. data/lib/resources/aws/aws_iam_groups.rb +1 -2
  39. data/lib/resources/aws/aws_iam_users.rb +65 -47
  40. data/lib/resources/npm.rb +15 -2
  41. data/lib/resources/package.rb +1 -1
  42. data/lib/utils/filter.rb +243 -85
  43. metadata +15 -2
@@ -0,0 +1,118 @@
1
+ ---
2
+ title: About the aws_flow_log Resource
3
+ platform: aws
4
+ ---
5
+
6
+ # aws\_flow\_log
7
+
8
+ Use the `aws_flow_log` InSpec audit resource to test properties of a single Flow Log.
9
+
10
+ ## Syntax
11
+
12
+ describe aws_flow_log('fl-9c718cf5') do
13
+ it { should exist }
14
+ end
15
+
16
+ ## Resource Parameters
17
+ ### flow\_log\_id
18
+
19
+ This resource accepts a single parameter or other search terms. You may pass it as a string, or as the value in a hash:
20
+
21
+ describe aws_flow_log('fl-9c718cf5') do
22
+ it { should exist }
23
+ end
24
+
25
+ describe aws_flow_log(flow_log_id: 'fl-8905f8e0') do
26
+ it { should exist }
27
+ end
28
+
29
+ ### subnet\_id
30
+
31
+ To search for a flow log by the associated subnet id:
32
+
33
+ describe aws_flow_log(subnet_id: 'subnet-c6a4319c') do
34
+ it { should exist }
35
+ end
36
+
37
+ ### vpc\_id
38
+
39
+ To search for a flow log by the associated vpc id:
40
+
41
+ describe aws_flow_log(vpc_id: 'vpc-96cabaef') do
42
+ it { should exist }
43
+ end
44
+
45
+ ## Properties
46
+ ### flow\_log\_id
47
+
48
+ The `flow_log_id` property tests the name of the flow log.
49
+
50
+ describe aws_flow_log(subnet_id: 'subnet-c6a4319c') do
51
+ its('flow_log_id') { should cmp 'fl-9c718cf5' }
52
+ end
53
+
54
+ ### log\_group\_name
55
+
56
+ The `log_group_name` property tests the name of the associated log group.
57
+
58
+ describe aws_flow_log('fl-9c718cf5') do
59
+ its('log_group_name') { should cmp 'test_log_group' }
60
+ end
61
+
62
+ ### resource\_id
63
+
64
+ The `resource_id` property tests the id of the associated VPC, subnet, or network interface.
65
+
66
+ describe aws_flow_log('fl-9c718cf5') do
67
+ its('resource_id') { should cmp 'subnet-c6a4319c' }
68
+ end
69
+
70
+ ### resource\_type
71
+
72
+ The `resource_type` property tests the type of resource the Flow Log is attached to.
73
+ The property will return `eni`, `subnet`, or `vpc`.
74
+
75
+ describe aws_flow_log('fl-9c718cf5') do
76
+ its('resource_type') { should cmp 'subnet' }
77
+ end
78
+
79
+ ## Matchers
80
+
81
+ For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
82
+
83
+ ### exist
84
+
85
+ Indicates that the Flow Log provided was found. Use `should_not` to test for Flow Logs that should not exist.
86
+
87
+ describe aws_flow_log('should-be-there') do
88
+ it { should exist }
89
+ end
90
+
91
+ describe aws_flow_log('should-not-be-there') do
92
+ it { should_not exist }
93
+ end
94
+
95
+ ### be\_attached\_to\_eni
96
+
97
+ Indicates that the Flow Log is attached to a ENI resource.
98
+
99
+ describe aws_flow_log('fl-9c718cf5') do
100
+ it { should be_attached_to_eni }
101
+ end
102
+
103
+ ### be\_attached\_to\_subnet
104
+
105
+ Indicates that the Flow Log is attached to a subnet resource.
106
+
107
+ describe aws_flow_log('fl-9c718cf5') do
108
+ it { should be_attached_to_subnet }
109
+ end
110
+
111
+ ### be\_attached\_to\_vpc
112
+
113
+ Indicates that the Flow Log is attached to a vpc resource.
114
+
115
+ describe aws_flow_log('fl-9c718cf5') do
116
+ it { should be_attached_to_vpc }
117
+ end
118
+
@@ -30,9 +30,42 @@ As this is the initial release of `aws_iam_groups`, its limited functionality pr
30
30
 
31
31
  <br>
32
32
 
33
+ ## Filter Criteria
34
+
35
+ ### group_name
36
+
37
+ Filters the IAM groups by their group name, a string. If you know the exact group name, use `aws_iam_group` (singular) instead. This criteria may be used when you know a pattern of the name.
38
+
39
+ # Use a regex to find groups ending with 'Admins'
40
+ describe aws_iam_groups.where(group_name: /Admins$/) do
41
+ its('group_names') { should include 'FriendlyAdmins' }
42
+ its('group_names') { shoud_not include 'ShunnedAdmins' }
43
+ end
44
+
45
+ ## Properties
46
+
47
+ ### group_names
48
+
49
+ An Array of Strings, reflecting the IAM group names matched by the filter. If no groups matched, this will be empty. You can also use this with `aws_iam_group` to enumerate groups.
50
+
51
+ # Check for friendly people
52
+ describe aws_iam_groups.where(group_name: /Admins$/) do
53
+ its('group_names') { should include 'FriendlyAdmins' }
54
+ its('group_names') { should include 'KindAdmins' }
55
+ end
56
+
57
+ # Use to loop and fetch groups individually for auditing in detail
58
+ # Without a `where`, this fetches all groups
59
+ aws_iam_groups.group_names.each do |group_names|
60
+ # A roundabout way of saying "bob should not be in any groups"
61
+ describe aws_iam_group(group_name) do
62
+ its('users') { should_not include 'bob' }
63
+ end
64
+ end
65
+
33
66
  ## Matchers
34
67
 
35
- For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
68
+ This resource has no resource-specific matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://www.inspec.io/docs/reference/matchers/).
36
69
 
37
70
  ### exists
38
71
 
@@ -38,15 +38,19 @@ The following examples show how to use this InSpec audit resource.
38
38
 
39
39
  ### Test that the logged-in user's crontab has no tasks set to run on every hour and every minute
40
40
 
41
- describe crontab.where({'hour' => '*', 'minute' => '*'}) do
42
- its('entries.length') { should cmp '0' }
43
- end
41
+ ```ruby
42
+ describe crontab.where({'hour' => '*', 'minute' => '*'}) do
43
+ its('entries.length') { should cmp '0' }
44
+ end
45
+ ```
44
46
 
45
47
  ### Test that the logged-in user's crontab contains a single command that matches a pattern
46
48
 
47
- describe crontab.where { command =~ /a partial command string/ } do
48
- its('entries.length') { should cmp 1 }
49
- end
49
+ ```ruby
50
+ describe crontab.where { command =~ /a partial command string/ } do
51
+ its('entries.length') { should cmp 1 }
52
+ end
53
+ ```
50
54
 
51
55
  ### Test a special time string (i.e., @yearly /root/annual_report.sh)
52
56
 
@@ -51,31 +51,33 @@ Verify prime modulus used for the Diffie-Hellman operation:
51
51
 
52
52
  Example using multi-line string:
53
53
 
54
- describe dh_params('/path/to/file.dh_pem') do
55
- its('modulus') do
56
- # regex removes all whitespace
57
- should eq <<-EOF.gsub(/[[:space:]]+/, '')
58
- 00:91:a0:15:89:e5:bc:38:93:12:02:fc:91:a2:85:
59
- f7:f7:29:63:2e:d3:4e:7a:86:f7:ee:84:fe:42:d0:
60
- 48:bc:9c:91:d5:54:f8:78:1d:c0:41:78:a2:c4:ac:
61
- 1a:24:8b:9d:88:55:98:0b:ac:a7:23:eb:c2:aa:2b:
62
- 2e:a9:f9:af:d4:8e:4e:11:bc:7f:35:a2:ac:da:3a:
63
- ef:f0:25:6c:9a:a4:fd:00:28:76:86:2c:57:87:67:
64
- 30:5d:b1:d6:5b:22:8f:72:a1:ea:de:8b:ef:9e:33:
65
- 1a:40:92:68:85:02:54:02:09:fa:c0:60:c1:3c:4e:
66
- 28:26:db:ed:25:8e:38:21:56:40:dc:c0:c0:66:1f:
67
- 2b:32:c3:b4:78:a9:26:94:ea:f7:41:28:b2:f5:5b:
68
- 01:38:0c:46:09:85:26:4d:69:12:8d:95:0f:35:e2:
69
- e6:4e:47:3a:86:dd:8a:b2:fe:45:15:27:d8:59:c2:
70
- 3c:f4:62:ff:5f:74:e9:77:92:50:47:36:2b:05:57:
71
- 60:ee:7b:a1:60:cc:1c:7a:2b:77:18:8a:37:f7:c7:
72
- 31:3e:15:cb:15:7f:7b:66:96:fb:c6:be:7d:d6:03:
73
- 5e:0d:60:75:2b:5b:62:2a:a3:37:b6:34:f9:fe:96:
74
- 4c:f6:c5:e3:a1:52:af:01:c1:4f:c7:42:a0:be:ed:
75
- cd:13
76
- EOF
77
- end
78
- end
54
+ ```ruby
55
+ describe dh_params('/path/to/file.dh_pem') do
56
+ its('modulus') do
57
+ # regex removes all whitespace
58
+ should eq <<-EOF.gsub(/[[:space:]]+/, '')
59
+ 00:91:a0:15:89:e5:bc:38:93:12:02:fc:91:a2:85:
60
+ f7:f7:29:63:2e:d3:4e:7a:86:f7:ee:84:fe:42:d0:
61
+ 48:bc:9c:91:d5:54:f8:78:1d:c0:41:78:a2:c4:ac:
62
+ 1a:24:8b:9d:88:55:98:0b:ac:a7:23:eb:c2:aa:2b:
63
+ 2e:a9:f9:af:d4:8e:4e:11:bc:7f:35:a2:ac:da:3a:
64
+ ef:f0:25:6c:9a:a4:fd:00:28:76:86:2c:57:87:67:
65
+ 30:5d:b1:d6:5b:22:8f:72:a1:ea:de:8b:ef:9e:33:
66
+ 1a:40:92:68:85:02:54:02:09:fa:c0:60:c1:3c:4e:
67
+ 28:26:db:ed:25:8e:38:21:56:40:dc:c0:c0:66:1f:
68
+ 2b:32:c3:b4:78:a9:26:94:ea:f7:41:28:b2:f5:5b:
69
+ 01:38:0c:46:09:85:26:4d:69:12:8d:95:0f:35:e2:
70
+ e6:4e:47:3a:86:dd:8a:b2:fe:45:15:27:d8:59:c2:
71
+ 3c:f4:62:ff:5f:74:e9:77:92:50:47:36:2b:05:57:
72
+ 60:ee:7b:a1:60:cc:1c:7a:2b:77:18:8a:37:f7:c7:
73
+ 31:3e:15:cb:15:7f:7b:66:96:fb:c6:be:7d:d6:03:
74
+ 5e:0d:60:75:2b:5b:62:2a:a3:37:b6:34:f9:fe:96:
75
+ 4c:f6:c5:e3:a1:52:af:01:c1:4f:c7:42:a0:be:ed:
76
+ cd:13
77
+ EOF
78
+ end
79
+ end
80
+ ```
79
81
 
80
82
  ### prime_length (Integer)
81
83
 
@@ -95,19 +97,21 @@ Verify `pem` output of DH parameters:
95
97
 
96
98
  Example using multi-line string:
97
99
 
98
- its('pem') do
99
- # regex removes all leading spaces
100
- should eq <<-EOF.gsub(/^[[:blank:]]+/, '')
101
- -----BEGIN DH PARAMETERS-----
102
- MIIBCAKCAQEAkaAVieW8OJMSAvyRooX39yljLtNOeob37oT+QtBIvJyR1VT4eB3A
103
- QXiixKwaJIudiFWYC6ynI+vCqisuqfmv1I5OEbx/NaKs2jrv8CVsmqT9ACh2hixX
104
- h2cwXbHWWyKPcqHq3ovvnjMaQJJohQJUAgn6wGDBPE4oJtvtJY44IVZA3MDAZh8r
105
- MsO0eKkmlOr3QSiy9VsBOAxGCYUmTWkSjZUPNeLmTkc6ht2Ksv5FFSfYWcI89GL/
106
- X3Tpd5JQRzYrBVdg7nuhYMwceit3GIo398cxPhXLFX97Zpb7xr591gNeDWB1K1ti
107
- KqM3tjT5/pZM9sXjoVKvAcFPx0Kgvu3NEwIBAg==
108
- -----END DH PARAMETERS-----
109
- EOF
110
- end
100
+ ```ruby
101
+ its('pem') do
102
+ # regex removes all leading spaces
103
+ should eq <<-EOF.gsub(/^[[:blank:]]+/, '')
104
+ -----BEGIN DH PARAMETERS-----
105
+ MIIBCAKCAQEAkaAVieW8OJMSAvyRooX39yljLtNOeob37oT+QtBIvJyR1VT4eB3A
106
+ QXiixKwaJIudiFWYC6ynI+vCqisuqfmv1I5OEbx/NaKs2jrv8CVsmqT9ACh2hixX
107
+ h2cwXbHWWyKPcqHq3ovvnjMaQJJohQJUAgn6wGDBPE4oJtvtJY44IVZA3MDAZh8r
108
+ MsO0eKkmlOr3QSiy9VsBOAxGCYUmTWkSjZUPNeLmTkc6ht2Ksv5FFSfYWcI89GL/
109
+ X3Tpd5JQRzYrBVdg7nuhYMwceit3GIo398cxPhXLFX97Zpb7xr591gNeDWB1K1ti
110
+ KqM3tjT5/pZM9sXjoVKvAcFPx0Kgvu3NEwIBAg==
111
+ -----END DH PARAMETERS-----
112
+ EOF
113
+ end
114
+ ```
111
115
 
112
116
  Verify via `openssl dhparam` command:
113
117
 
@@ -131,32 +135,34 @@ Verify human-readable text output of DH parameters:
131
135
 
132
136
  Example using multi-line string:
133
137
 
134
- its('text') do
135
- # regex removes 2 leading spaces
136
- should eq <<-EOF.gsub(/^[[:blank:]]{2}/, '')
137
- PKCS#3 DH Parameters: (2048 bit)
138
- prime:
139
- 00:91:a0:15:89:e5:bc:38:93:12:02:fc:91:a2:85:
140
- f7:f7:29:63:2e:d3:4e:7a:86:f7:ee:84:fe:42:d0:
141
- 48:bc:9c:91:d5:54:f8:78:1d:c0:41:78:a2:c4:ac:
142
- 1a:24:8b:9d:88:55:98:0b:ac:a7:23:eb:c2:aa:2b:
143
- 2e:a9:f9:af:d4:8e:4e:11:bc:7f:35:a2:ac:da:3a:
144
- ef:f0:25:6c:9a:a4:fd:00:28:76:86:2c:57:87:67:
145
- 30:5d:b1:d6:5b:22:8f:72:a1:ea:de:8b:ef:9e:33:
146
- 1a:40:92:68:85:02:54:02:09:fa:c0:60:c1:3c:4e:
147
- 28:26:db:ed:25:8e:38:21:56:40:dc:c0:c0:66:1f:
148
- 2b:32:c3:b4:78:a9:26:94:ea:f7:41:28:b2:f5:5b:
149
- 01:38:0c:46:09:85:26:4d:69:12:8d:95:0f:35:e2:
150
- e6:4e:47:3a:86:dd:8a:b2:fe:45:15:27:d8:59:c2:
151
- 3c:f4:62:ff:5f:74:e9:77:92:50:47:36:2b:05:57:
152
- 60:ee:7b:a1:60:cc:1c:7a:2b:77:18:8a:37:f7:c7:
153
- 31:3e:15:cb:15:7f:7b:66:96:fb:c6:be:7d:d6:03:
154
- 5e:0d:60:75:2b:5b:62:2a:a3:37:b6:34:f9:fe:96:
155
- 4c:f6:c5:e3:a1:52:af:01:c1:4f:c7:42:a0:be:ed:
156
- cd:13
157
- generator: 2 (0x2)
158
- EOF
159
- end
138
+ ```ruby
139
+ its('text') do
140
+ # regex removes 2 leading spaces
141
+ should eq <<-EOF.gsub(/^[[:blank:]]{2}/, '')
142
+ PKCS#3 DH Parameters: (2048 bit)
143
+ prime:
144
+ 00:91:a0:15:89:e5:bc:38:93:12:02:fc:91:a2:85:
145
+ f7:f7:29:63:2e:d3:4e:7a:86:f7:ee:84:fe:42:d0:
146
+ 48:bc:9c:91:d5:54:f8:78:1d:c0:41:78:a2:c4:ac:
147
+ 1a:24:8b:9d:88:55:98:0b:ac:a7:23:eb:c2:aa:2b:
148
+ 2e:a9:f9:af:d4:8e:4e:11:bc:7f:35:a2:ac:da:3a:
149
+ ef:f0:25:6c:9a:a4:fd:00:28:76:86:2c:57:87:67:
150
+ 30:5d:b1:d6:5b:22:8f:72:a1:ea:de:8b:ef:9e:33:
151
+ 1a:40:92:68:85:02:54:02:09:fa:c0:60:c1:3c:4e:
152
+ 28:26:db:ed:25:8e:38:21:56:40:dc:c0:c0:66:1f:
153
+ 2b:32:c3:b4:78:a9:26:94:ea:f7:41:28:b2:f5:5b:
154
+ 01:38:0c:46:09:85:26:4d:69:12:8d:95:0f:35:e2:
155
+ e6:4e:47:3a:86:dd:8a:b2:fe:45:15:27:d8:59:c2:
156
+ 3c:f4:62:ff:5f:74:e9:77:92:50:47:36:2b:05:57:
157
+ 60:ee:7b:a1:60:cc:1c:7a:2b:77:18:8a:37:f7:c7:
158
+ 31:3e:15:cb:15:7f:7b:66:96:fb:c6:be:7d:d6:03:
159
+ 5e:0d:60:75:2b:5b:62:2a:a3:37:b6:34:f9:fe:96:
160
+ 4c:f6:c5:e3:a1:52:af:01:c1:4f:c7:42:a0:be:ed:
161
+ cd:13
162
+ generator: 2 (0x2)
163
+ EOF
164
+ end
165
+ ```
160
166
 
161
167
  Verify via `openssl dhparam` command:
162
168
 
@@ -189,7 +195,7 @@ Verify via `openssl dhparam` command:
189
195
 
190
196
  For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
191
197
 
192
- ### valid?
198
+ ### be_valid
193
199
 
194
200
  Verify whether DH parameters are valid:
195
201
 
@@ -50,7 +50,7 @@ The `id` property returns the service id:
50
50
 
51
51
  ### image
52
52
 
53
- The `image` property tests the value of the image. It is a combination of `repository:tag`:
53
+ The `image` property is a combination of `repository:tag` it tests the value of the image:
54
54
 
55
55
  its('image') { should eq 'alpine:latest' }
56
56
 
@@ -89,7 +89,7 @@ Use the optional constructor parameter to give an alternative path to fstab file
89
89
  its('dump_options') { should cmp 0 }
90
90
  end
91
91
 
92
- ### file_system_options
92
+ ### file\_system\_options
93
93
 
94
94
  `file_system_options` returns a integer array of each partitions file system option.
95
95
 
@@ -80,7 +80,7 @@ The `be_running` matcher tests if the firewalld service is running:
80
80
 
81
81
  it { should be_running }
82
82
 
83
- ### have_zone
83
+ ### `have_zone`
84
84
 
85
85
  `have_zone` returns true or false if the zone is set on firewalld. It does not mean the zone is active.
86
86
 
@@ -172,7 +172,7 @@ In InSpec 2.0, the HTTP test will automatically execute remotely whenever InSpec
172
172
 
173
173
  The `body` matcher tests body content of http response:
174
174
 
175
- its('body') { should eq 'hello\n' }
175
+ its('body') { should eq 'hello\n' }
176
176
 
177
177
  ### headers
178
178
 
@@ -28,7 +28,7 @@ where
28
28
  * `'site_name'` is the name of the site, such as `'Default Web Site'`
29
29
  * `('application_pool')` is the name of the application pool in which the site's root application is run, such as `'DefaultAppPool'`
30
30
  * `('protocols')` is a binding for the site, such as `'http'`. A site may have multiple bindings; therefore, use a `have_protocol` matcher for each site protocol to be tested
31
- * `('physical_path') is the physical path to the application, such as `'C:\\inetpub\\wwwroot\\myapp'`
31
+ * `('physical_path')` is the physical path to the application, such as `'C:\\inetpub\\wwwroot\\myapp'`
32
32
 
33
33
  For example:
34
34
 
@@ -5,7 +5,7 @@ platform: linux
5
5
 
6
6
  # inetd_conf
7
7
 
8
- Use the `inetd_conf` InSpec audit resource to test if a service is listed in the `inetd.conf` file on Linux and Unix platforms. inetd---the Internet service daemon---listens on dedicated ports, and then loads the appropriate program based on a request. The `inetd.conf` file is typically located at `/etc/inetd.conf` and contains a list of Internet services associated to the ports on which that service will listen. Only enabled services may handle a request; only services that are required by the system should be enabled.`
8
+ Use the `inetd_conf` InSpec audit resource to test if a service is listed in the `inetd.conf` file on Linux and Unix platforms. inetd---the Internet service daemon---listens on dedicated ports, and then loads the appropriate program based on a request. The `inetd.conf` file is typically located at `/etc/inetd.conf` and contains a list of Internet services associated to the ports on which that service will listen. Only enabled services may handle a request; only services that are required by the system should be enabled.
9
9
 
10
10
  <br>
11
11
 
@@ -32,7 +32,7 @@ where
32
32
 
33
33
  ## Properties
34
34
 
35
- * 'compiler_info', 'error_log_path', 'http_client_body_temp_path', 'http_fastcgi_temp_path', 'http_log_path', 'http_proxy_temp_path', 'http_scgi_temp_path', 'http_uwsgi_temp_path', 'lock_path', 'modules', 'modules_path', 'openssl_version', 'prefix', 'sbin_path', 'service', 'support_info', 'version'
35
+ * `compiler_info`, `error_log_path`, `http_client_body_temp_path`, `http_fastcgi_temp_path`, `http_log_path`, `http_proxy_temp_path`, `http_scgi_temp_path`, `http_uwsgi_temp_path`, `lock_path`, `modules`, `modules_path`, `openssl_version`, `prefix`, `sbin_path`, `service`, `support_info`, `version`
36
36
 
37
37
  <br>
38
38
 
@@ -5,7 +5,7 @@ platform: os
5
5
 
6
6
  # npm
7
7
 
8
- Use the `npm` InSpec audit resource to test if a global NPM package is installed. NPM is the the package manager for Node.js packages (https://docs.npmjs.com), such as Bower and StatsD.
8
+ Use the `npm` InSpec audit resource to test if a global NPM package is installed. NPM is the the package manager for [Node.js packages](https://docs.npmjs.com), such as Bower and StatsD.
9
9
 
10
10
  <br>
11
11
 
@@ -22,6 +22,14 @@ where
22
22
  * `('npm_package_name')` must specify an NPM package, such as `'bower'` or `'statsd'`
23
23
  * `be_installed` is a valid matcher for this resource
24
24
 
25
+ You can also specify additional options:
26
+
27
+ describe npm('npm_package_name', path: '/path/to/project') do
28
+ it { should be_installed }
29
+ end
30
+
31
+ The `path` specifies a folder, that contains a `node_modules` subdirectory. It emulates running `npm` inside the specified folder. This way you can inspect local NPM installations as well as global ones.
32
+
25
33
  <br>
26
34
 
27
35
  ## Examples