Security specialty

Devsecops

Browse every cataloged workflow for devsecops, with source context, tags, and security framework mappings intact.

Complete collection

Skills in this domain

18 skills

cybersecuritySkill

Building DevSecOps Pipeline with GitLab CI

Design and implement a comprehensive DevSecOps pipeline in GitLab CI/CD integrating SAST, DAST, container scanning, dependency scanning, and secret detection.

Devsecops
cicd-securitycontainer-scanningdastdependency-scanning+4
ATT&CK, 5 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Implementing Aqua Security for Container Scanning

Deploy Aqua Security's Trivy scanner to detect vulnerabilities, misconfigurations, secrets, and license issues in container images across CI/CD pipelines and registries.

Devsecops
aqua-securitycontainer-scanningimage-securitysbom+3
ATT&CK, 5 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Implementing Code Signing for Artifacts

This skill covers implementing code signing for build artifacts to ensure integrity and authenticity throughout the software supply chain. It addresses signing binaries, packages, and containers using GPG, Sigstore, and platform-specific signing tools, establishing trust chains, and verifying signatures in deployment pipelines.

Devsecops
cicdcode-signingdevsecopssecure-sdlc+2
ATT&CK, 5 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Implementing Fuzz Testing in CI/CD with AFL++

Integrate AFL++ coverage-guided fuzz testing into CI/CD pipelines to discover memory corruption, input handling, and logic vulnerabilities in C/C++ and compiled applications.

Devsecops
aflaflpluspluscicdcoverage-guided-fuzzing+3
ATT&CK, 5 mappingsNIST CSF, 4 mappingsATLAS, 3 mappingsAI RMF, 3 mappings
cybersecuritySkill

Implementing GitHub Advanced Security for Code Scanning

Configure GitHub Advanced Security with CodeQL to perform automated static analysis and vulnerability detection across repositories at enterprise scale.

Devsecops
code-scanningcodeqldevops-securitygithub-advanced-security+3
ATT&CK, 3 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Implementing Infrastructure as Code Security Scanning

This skill covers implementing automated security scanning for Infrastructure as Code (IaC) templates using tools like Checkov, tfsec, and KICS. It addresses detecting misconfigurations in Terraform, CloudFormation, Kubernetes manifests, and Helm charts before deployment, establishing policy-based governance, and integrating IaC scanning into CI/CD pipelines to prevent insecure cloud resource provisioning.

Devsecops
checkovcicddevsecopsiac-security+3
ATT&CK, 5 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Implementing Policy as Code with Open Policy Agent

This skill covers implementing Open Policy Agent (OPA) and Gatekeeper for policy-as-code enforcement in Kubernetes and CI/CD pipelines. It addresses writing Rego policies, deploying OPA Gatekeeper as a Kubernetes admission controller, testing policies in development, and integrating policy evaluation into deployment pipelines.

Devsecops
cicddevsecopsgatekeeperkubernetes+3
ATT&CK, 5 mappingsNIST CSF, 4 mappingsAI RMF, 3 mappings
cybersecuritySkill

Implementing Secret Scanning with Gitleaks

This skill covers implementing Gitleaks for detecting and preventing hardcoded secrets in git repositories. It addresses configuring pre-commit hooks, CI/CD pipeline integration, custom rule authoring for organization-specific secrets, baseline management for existing repositories, and remediation workflows for exposed credentials.

Devsecops
cicddevsecopsgitleakspre-commit+2
ATT&CK, 5 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Implementing Secrets Scanning in CI/CD

Integrate gitleaks and trufflehog into CI/CD pipelines to detect leaked secrets before deployment

Devsecops
ci-cdgitleakssecrets-scanningtrufflehog
ATT&CK, 3 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Implementing Semgrep for Custom SAST Rules

Write custom Semgrep SAST rules in YAML to detect application-specific vulnerabilities, enforce coding standards, and integrate into CI/CD pipelines.

Devsecops
code-securitycustom-rulesdevsecopssast+2
ATT&CK, 3 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Integrating DAST with OWASP ZAP in Pipeline

This skill covers integrating OWASP ZAP (Zed Attack Proxy) for Dynamic Application Security Testing in CI/CD pipelines. It addresses configuring baseline, full, and API scans against running applications, interpreting ZAP findings, tuning scan policies, and establishing DAST quality gates in GitHub Actions and GitLab CI.

Devsecops
cicddastdevsecopsdynamic-testing+2
ATT&CK, 3 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Integrating SAST into GitHub Actions Pipeline

This skill covers integrating Static Application Security Testing (SAST) tools—CodeQL and Semgrep—into GitHub Actions CI/CD pipelines. It addresses configuring automated code scanning on pull requests and pushes, tuning rules to reduce false positives, uploading SARIF results to GitHub Advanced Security, and establishing quality gates that block merges when high-severity vulnerabilities are detected.

Devsecops
cicdcodeqldevsecopssast+2
ATT&CK, 3 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Performing Container Image Hardening

This skill covers hardening container images by minimizing attack surface, removing unnecessary packages, implementing multi-stage builds, configuring non-root users, and applying CIS Docker Benchmark recommendations to produce secure production-ready images.

Devsecops
cicdcis-benchmarkcontainer-hardeningdevsecops+2
ATT&CK, 5 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Performing SCA Dependency Scanning with Snyk

This skill covers implementing Software Composition Analysis (SCA) using Snyk to detect vulnerable open-source dependencies in CI/CD pipelines. It addresses scanning package manifests and lockfiles, automated fix pull request generation, license compliance checking, continuous monitoring of deployed applications, and integration with GitHub, GitLab, and Jenkins pipelines.

Devsecops
cicddependency-scanningdevsecopssca+2
ATT&CK, 3 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Performing Threat Modeling with OWASP Threat Dragon

Use OWASP Threat Dragon to create data flow diagrams, identify threats using STRIDE and LINDDUN methodologies, and generate threat model reports for secure design review.

Devsecops
data-flowdfdlinddunowasp+4
ATT&CK, 3 mappingsNIST CSF, 4 mappingsATLAS, 3 mappingsAI RMF, 3 mappings
cybersecuritySkill

Scanning Containers with Trivy in CI/CD

This skill covers integrating Aqua Security's Trivy scanner into CI/CD pipelines for comprehensive container image vulnerability detection. It addresses scanning Docker images for OS package and application dependency CVEs, detecting misconfigurations in Dockerfiles, scanning filesystem and git repositories, and establishing severity-based quality gates that block deployment of vulnerable images.

Devsecops
cicdcontainer-securitydevsecopssecure-sdlc+2
ATT&CK, 5 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Scanning IaC and Images with Trivy

Scan container images, IaC, and SBOMs for vulnerabilities and misconfigurations in CI/CD with Trivy.

Devsecops
ci-cdcontainer-securitydevsecopsiac-security+4
ATT&CK, 1 mappingNIST CSF, 1 mapping
cybersecuritySkill

Securing GitHub Actions Workflows

This skill covers hardening GitHub Actions workflows against supply chain attacks, credential theft, and privilege escalation. It addresses pinning actions to SHA digests, minimizing GITHUB_TOKEN permissions, protecting secrets from exfiltration, preventing script injection in workflow expressions, and implementing required reviewers for workflow changes.

Devsecops
cicddevsecopsgithub-actionssecure-sdlc+2
ATT&CK, 5 mappingsNIST CSF, 4 mappings