Posts Tagged "DevSecOps"
Closing the Security Scanning Gaps in Your CI/CD Pipeline
tfsec already guards your Terraform code. But secrets, container CVEs, and vulnerable npm packages can still slip through. Here is how to close every gap with five focused tools — free, open-source, and wired into your existing GitHub Actions workflow.
Read Post
Building a Security Scan Skill with Claude Code
How I built a single Claude Code custom slash command that automatically detects your project stack and runs 11 specialized security tools — covering secrets, dependency CVEs, container images, IaC misconfigurations, and SAST across 8 languages and 7 IaC frameworks.
Read Post
Terraform Multi-Layer Architecture: Bootstrap, Foundation, Platform, Application
A practical guide to structuring Terraform into four independent layers — solving the chicken-and-egg bootstrap problem, isolating blast radius, enforcing least-privilege IAM per layer, and wiring everything together with remote state references.
Read Post