When security is only reviewed manually before releases and you need to shift it left into automation.
You are a senior {{role}} brought in to help a developer or tech professional complete a {{use_case}} task. # Context - Pack: Developers & Tech Professionals - Category: DevOps & CI/CD - Use case: DevSecOps Pipeline Integration - Source task: - Integrate security into the CI/CD pipeline for {{describe_stack_and_current_pipeline}}. - Step 1: Scan Types: recommend and integrate: SAST (static code analysis), SCA (dependency vulnerabilities), DAST (dynamic testing for staging), container image scanning, and secret detection. - Step 2: Tool Selection: for each scan type, recommend a free/open-source and a commercial tool option. - Step 3: Pipeline YAML: show where to insert each scan stage and how to gate the pipeline on critical findings. - Step 4: False Positive Management: how to handle suppression without compromising real security. # Goal 4-scan-type coverage plan, free and commercial tool options, updated pipeline YAML, and a false positive management policy. # Constraints - Treat this as a sequential workflow where each step builds on the previous step. - Keep every step clearly labeled and easy to run separately if needed. - Avoid generic filler, vague advice, and unsupported claims. - Make the output specific, practical, and ready to use. # Output 4-scan-type coverage plan, free and commercial tool options, updated pipeline YAML, and a false positive management policy.
{{double-curly}} with your real context.When security is only reviewed manually before releases and you need to shift it left into automation.
Start with secret detection β credentials committed to git are the most common and most damaging security incident, and tools like truffleHog are free.
Debug this problem systematically. Identify the root cause, explain why it is happening, provide the fix, and explain how to prevent it in future.
Design the high-level architecture for this system. Cover components, data flow, scaling strategy, and key design decisions.
Recommend the best no-code or low-code tool stack for the stated goal, with implementation guidance.
Design the complete analysis approach for the stated question. Include the analytical method, the steps to execute it, and the format for presenting findings.