2

In InSpec 1.9.0 I defined the following profile with dependency, including all controls from the dependent profile.

However, when executing I get the error indicating the profile "is not listed as dependency"

What am I missing?

  • inspec.yml:

    name: my-profile
version: 0.0.1
supports:
  - os-family: unix
depends:
  - name: ssh-baseline
    url: https://github.com/dev-sec/ssh-baseline/archive/master.zip

  • controls/include_ssh_baseline.rb:

    include_controls 'ssh-baseline'

  • Command:

    inspec exec my-profile -t ssh://user@host.domain

  • The result of executing the profile:

    Cannot load ssh-baseline since it is not listed as a dependency
    of my-profile.

    Dependencies available from this context are:
     
     

    (two empty lines)

I don't see a syntax error. It's almost copy-paste example from InSpec Profiles page.

The following dependency definition (git instead of url) also caused the same error message as above:

depends:
  - name: ssh-baseline
    git: https://github.com/dev-sec/ssh-baseline.git
techraf
  • 64,883
  • 27
  • 193
  • 198

2 Answers2

2

inspec.lock file is created on the first profile execution and contains a reference to the dependencies. If you build your profile incrementally you might end up with an inspec.yml file containing no dependencies (from the first run):

---
lockfile_version: 1
depends: []

You need to delete the file if you want changes to the inspec.yml to be reflected or run the following inside the profile directory:

inspec vendor --overwrite

See Vendoring dependencies (it doesn't mention --overwrite, but it immediately throws an error if it's not present):

When you execute a local profile, the inspec.yml file will be read in order to source any profile dependencies. It will then cache the dependencies locally and generate an inspec.lock file. If you add or update dependencies in inspec.yml, please refresh the lock file by either:

  • running inspec vendor inside the profile directory; or
  • deleting inspec.lock before running inspec exec
Community
  • 1
  • 1
techraf
  • 64,883
  • 27
  • 193
  • 198
1

I just created it a profile based on your post and it works without any issues. I used inspec 1.9.0. Just to be sure, can you try inspec exec ./my-profile -t ssh://user@host.domain?

Christoph Hartmann
  • 61
  • 5
  • Thank you, it helped. I wasn't aware of `inspec.lock` caching dependencies (or rather lack of dependencies) if I first execute the profile without them. [Answered myself](http://stackoverflow.com/a/41772686/2947502). – techraf Jan 20 '17 at 21:35