Chef-Guard protects your Chef server from untested and uncommitted cookbooks

Chef-Guard

NOTE: Although the code is considered stable, Chef-Guard is still in BETA, so there will be some rapid changes to the code until version 1.0.0 is released!

Chef-Guard is a feature-rich Chef add-on that protects your Chef server from untested and uncommitted (i.e. potentially dangerous) cookbooks by running several validations and checks during the cookbook upload process. In addition, Chef-Guard will monitor, audit, save and email (including a diff with the actual change) all configuration changes, and it is even capable of validating certain changes before passing them through to Chef.

So installing Chef-Guard onto your Chef server(s) will give you a highly configurable component that enables you to configure and enforce a common workflow for all your colleagues working with Chef.

Technically you can think of Chef-Guard as an extremely smart reverse proxy server written in Go and located/installed right in between Nginx and the Chef Server (see the Installation section for more details). This means that Chef-Guard runs completely server-side and does not require any client-side changes! This gives you the freedom to use whatever tools you like (e.g. knife, berks, the webui) to work with your Chef server and Chef-Guard will make sure all these tools follow the same workflow.
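The reverse-proxy placement described above, as an added Go illustration (not Chef-Guard's own code): a handler inspects cookbook uploads (`PUT .../cookbooks/NAME/VERSION` in the Chef server API) before forwarding them. The names `Guard`, `Validator` and `committedOnly`, the listen and backend addresses, and the sample data are assumptions made for this example.

```go
package main

import (
	"log"
	"net/http"
	"net/http/httputil"
	"net/url"
	"path"
	"strings"
)

// Validator reports whether a cookbook version may be uploaded (hypothetical hook).
type Validator func(name, version string) bool

// cookbookFromPath extracts NAME and VERSION from ".../cookbooks/NAME/VERSION".
// The path is cleaned first so "//" or ".." segments cannot slip past the check.
func cookbookFromPath(p string) (name, version string, ok bool) {
	parts := strings.Split(strings.Trim(path.Clean("/"+p), "/"), "/")
	if n := len(parts); n >= 3 && parts[n-3] == "cookbooks" {
		return parts[n-2], parts[n-1], true
	}
	return "", "", false
}

// Guard checks cookbook uploads (PUT) and passes every other request through.
func Guard(next http.Handler, check Validator) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		name, ver, ok := cookbookFromPath(r.URL.Path)
		if ok && r.Method == http.MethodPut && !check(name, ver) {
			// The status code is this example's choice.
			http.Error(w, "cookbook "+name+" "+ver+" rejected", http.StatusPreconditionFailed)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// committedOnly is a constructed stand-in for a real "is this committed?" lookup.
func committedOnly(committed map[string]bool) Validator {
	return func(name, version string) bool { return committed[name+"@"+version] }
}

func main() {
	upstream, err := url.Parse("http://127.0.0.1:8000") // assumed backend address
	if err != nil {
		log.Fatal(err)
	}
	check := committedOnly(map[string]bool{"nginx@1.2.0": true}) // constructed data
	proxy := httputil.NewSingleHostReverseProxy(upstream)
	log.Fatal(http.ListenAndServe("127.0.0.1:8080", Guard(proxy, check)))
}
```

Because the check runs in the proxy, it applies equally to every client that talks to the server, which is the point the paragraph above makes about knife, berks and the webui.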


Assuming enough Chef knowledge, it shouldn't take more than 30 minutes to get you started!

  • Read the Chef-Guard documentation explaining and describing what Chef-Guard is and how it works
  • Assuming you already have a running Chef environment, walk through the Chef-Guard prerequisites
  • You're now ready to follow the actual installation, which (if you prefer) can be done using a cookbook in just a few minutes


You don't need to build Chef-Guard yourself in order to use it. Pre-built binaries, instructions and a ready-to-use cookbook can all be found here. If, however, you would like to contribute to Chef-Guard or just feel adventurous and want to build Chef-Guard yourself, please see the contributing documentation to get started.

Getting Help

Please read the docs first!

  • If you have an issue: report it on the issue tracker
  • If you have a question: visit the #chef-guard channel on


Sander van Harmelen (


Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at