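In InSpec 1.9.0, I defined the following profile with a dependency, including all controls from the dependent profile.
However, on execution I get an error indicating that the profile is "not listed as a dependency".
What am I missing?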
inspec.yml:
name: my-profile
version: 0.0.1
supports:
  - os-family: unix
depends:
  - name: ssh-baseline
    url: https://github.com/dev-sec/ssh-baseline/archive/master.zip
controls/include_ssh_baseline.rb:
include_controls 'ssh-baseline'
Command:
inspec exec my-profile -t ssh://[email protected]
Result of executing the profile:
Cannot load ssh-baseline since it is not listed as a dependency
of my-profile.Dependencies available from this context are:
(two blank lines)
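I don't see a syntax error. This is almost a copy-paste of the example on the InSpec Profiles page.
The following dependency definition (git instead of url) also leads to the same error message as above: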
depends:
- name: ssh-baseline
git: https://github.com/dev-sec/ssh-baseline.git
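Best answer
The inspec.lock file is created on the first profile execution and contains references to the dependencies. If you build up your profile step by step, you may end up with an inspec.yml file that does not contain the dependencies (from the first run):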
---
lockfile_version: 1
depends: []
If you want changes to inspec.yml to be reflected, you need to delete that file, or run the following command in the profile directory:
inspec vendor --overwrite
See Vendoring dependencies (it does not mention --overwrite, but if that option is absent it throws an error immediately):
When you execute a local profile, the inspec.yml file will be read in order to source any profile dependencies. It will then cache the dependencies locally and generate an inspec.lock file. If you add or update dependencies in inspec.yml, please refresh the lock file by either:
- running inspec vendor inside the profile directory; or
- deleting inspec.lock before running inspec exec
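The stale-lock condition described in the answer can be checked before running a profile. The following Ruby sketch is an added example, not part of the original answer or of InSpec itself; the function names are hypothetical, and it assumes that entries under `depends:` in inspec.lock carry a `name` key, as the entries in inspec.yml do.

```ruby
require 'yaml'

# Constructed samples: the inspec.yml from the question and the stale
# inspec.lock shown in the answer.
SAMPLE_YML = <<~YML
  name: my-profile
  version: 0.0.1
  supports:
    - os-family: unix
  depends:
    - name: ssh-baseline
      url: https://github.com/dev-sec/ssh-baseline/archive/master.zip
YML

SAMPLE_LOCK = <<~LOCK
  ---
  lockfile_version: 1
  depends: []
LOCK

# Names listed under the top-level `depends:` key of a YAML document.
# Assumption: lock file entries carry a `name` key like inspec.yml entries.
def dep_names(text)
  doc = YAML.safe_load(text) || {}
  Array(doc['depends']).map { |d| d['name'] }.compact
end

# Dependencies declared in inspec.yml that the lock file does not record.
def missing_from_lock(yml_text, lock_text)
  dep_names(yml_text) - dep_names(lock_text)
end

# Check a profile directory on disk. A missing inspec.lock is not stale,
# because it is generated on the next `inspec exec`.
def check_profile(dir)
  lock = File.join(dir, 'inspec.lock')
  return [] unless File.exist?(lock)
  missing_from_lock(File.read(File.join(dir, 'inspec.yml')), File.read(lock))
end

if __FILE__ == $PROGRAM_NAME
  missing = ARGV[0] ? check_profile(ARGV[0]) : missing_from_lock(SAMPLE_YML, SAMPLE_LOCK)
  puts missing.empty? ? 'inspec.lock is in sync' : "stale inspec.lock, missing: #{missing.join(', ')}"
end
```

Run it with a profile directory as the first argument; a non-empty result means the lock file should be refreshed as described in the answer.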
Regarding InSpec: "Cannot load <profile> since it is not listed as a dependency" when defining dependencies, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/41765526/