moai-ref-secops

Featured

DevSecOps, container, and API operational defensive security reference: CI/CD pipeline hardening, secret scanning, IaC misconfiguration detection, SAST/DAST integration, container image scanning, Kubernetes RBAC hardening, container-escape defense, runtime threat detection, OWASP API Top 10 operational defense, WAF rule tuning, and GraphQL/REST depth and rate limiting. Agent-extending skill that amplifies backend, security, and platform-engineering work with production-grade defensive patterns for pipelines, containers, and running APIs. NOT for: offensive techniques (exploit execution, container-escape attack steps, privilege-escalation procedures, attack tooling), dev-time web-app OWASP Top 10 (see moai-ref-owasp-checklist), LLM/AI security (see moai-ref-llm-security), supply-chain provenance and signing (see moai-ref-supply-chain), or general API design (see moai-ref-api-patterns).

AI & Automation 1,120 stars 207 forks Updated today Apache-2.0

Install

View on GitHub

Quality Score: 99/100

Stars 20%
100
Recency 20%
100
Frontmatter 20%
70
Documentation 15%
100
Issue Health 10%
50
License 10%
100
Description 5%
100

Skill Content

# DevSecOps, Container, and API Operational Security Reference Defensive practitioner reference for the operational layer of a system — the pipeline that builds it, the container and orchestrator that run it, and the API surface it exposes at runtime. Every section is framed as defense, hardening, detection, or verification: it describes the misconfiguration, how to detect it, and how to prevent it, never how to exploit it. This skill is split into three modules by sub-domain. The overview below gives the shared threat model and an entry point; the depth lives in the modules. The threat model is operational: a pipeline can be subverted to inject a build step, a container can be misconfigured into a host breakout, and a running API can leak one tenant's data to another. The defenses establish least privilege, isolation, detection, and runtime authorization at each layer. ## Three Sub-Domains (modules) | Sub-domain | Module | Covers | |------------|--------|--------| | DevSecOps | [modules/devsecops.md](modules/devsecops.md) | CI/CD pipeline hardening, secret scanning, IaC misconfiguration detection (Terraform / CloudFormation), SAST/DAST integration | | Container | [modules/container.md](modules/container.md) | Image scanning, Kubernetes RBAC hardening, container-escape defense (seccomp / AppArmor / read-only root / non-root), runtime threat detection | | API operational | [modules/api-ops.md](modules/api-ops.md) | OWASP API Top 10 operational defense (BOLA / broken-auth d...

Details

Author
modu-ai
Repository
modu-ai/moai-adk
Created
9 months ago
Last Updated
today
Language
Go
License
Apache-2.0

Integrates with

Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Featured

moai-ref-supply-chain

Software supply-chain defensive security reference: SBOM generation and verification (SPDX / CycloneDX), dependency-confusion defense, malicious-package triage playbook, SLSA provenance levels, Sigstore / cosign signing and verification, package-registry hardening, typosquatting defense, and transitive-dependency auditing. Agent-extending skill that amplifies backend, security, and release-engineering work with production-grade defensive patterns for the software supply chain. NOT for: offensive techniques (dependency-confusion attack execution, malicious package authoring, registry exploitation), LLM/AI-specific security (see moai-ref-llm-security), web-app OWASP Top 10 (see moai-ref-owasp-checklist), or general API design (see moai-ref-api-patterns).

1,120 Updated today
modu-ai
AI & Automation Featured

moai-ref-llm-security

AI/LLM defensive security reference: prompt-injection defense, OWASP LLM Top 10 defensive mapping, MCP and agentic tool-call hardening, training-data poisoning detection, model-output validation and guardrails, MITRE ATLAS defensive correlation, and NIST AI RMF governance. Agent-extending skill that amplifies backend, security, and AI-application engineering with production-grade defensive patterns for LLM-backed systems. NOT for: offensive techniques (jailbreak authoring, attack-payload crafting, red-team exploitation), model training or fine-tuning methodology, prompt optimization for capability, web-app OWASP Top 10 (see moai-ref-owasp-checklist), or general API design (see moai-ref-api-patterns).

1,120 Updated today
modu-ai
AI & Automation Featured

moai-ref-owasp-checklist

OWASP Top 10 security checklist, authentication patterns, input validation, and HTTP security headers reference. Agent-extending skill that amplifies backend-implementation and security-audit workflows with production-grade security patterns. NOT for: frontend UI, DevOps deployment, performance optimization, testing strategy.

1,120 Updated today
modu-ai