DevSecOps and automation prompts
What you'll achieve
Build automated security into your CI/CD pipelines with prompts for security gates, compliance checks, and continuous monitoring. These prompts help you implement ISO 27001 Annex A.12, SOC 2 CC7, and NIST SP 800-53 controls through automation.
CI/CD pipeline security
Secure CI/CD pipeline design
Design a secure CI/CD pipeline for [application type] using [Jenkins/GitLab CI/GitHub Actions/Azure DevOps/CircleCI]. Include:
- Source code repository security (branch protection, signed commits)
- Build environment isolation and ephemeral runners
- Security scanning stages (SAST, DAST, SCA, secrets detection)
- Artifact signing and verification
- Deployment approval gates and RBAC
- Environment-specific configurations (dev/staging/prod)
- Audit logging of pipeline executions
- Failure handling and rollback automation
- Integration with security tools ([specific tools or request recommendations])
- Pipeline-as-code version control
Map to ISO 27001 A.12.1, A.14.2, SOC 2 CC8.1.
Pipeline security gates and thresholds
Create security gate policies for a CI/CD pipeline that enforce quality and compliance. Define:
- SAST findings thresholds (critical: 0, high: 5, medium: 20)
- DAST vulnerability severity limits
- SCA dependency risk scores (CVSS thresholds)
- Code coverage minimums
- Container image vulnerability limits
- IaC security scan pass criteria
- License compliance checks
- Secret detection (hard fail on any detection)
- Build artifact size and signature verification
- Automated vs. manual approval triggers
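As an added example of what such a gate policy looks like once it is code (this is not from the original page), the script below applies the SAST thresholds named above (critical: 0, high: 5, medium: 20) and hard-fails the build on any secret detection. The finding format, the `tool` and `severity` field names and the sample findings are constructed assumptions; a real pipeline would load them from the scanner's export (for example SARIF) instead.

```python
"""Security gate evaluator for a CI/CD pipeline.

Added example, not code from the original page. It applies the SAST
thresholds given in the prompt (critical: 0, high: 5, medium: 20) and
hard-fails on any secret detection. The finding format, the 'tool' and
'severity' field names and the sample findings are constructed
assumptions; adapt the loader to your scanner's real export (e.g. SARIF).
"""
import json
import sys
from collections import Counter
from dataclasses import dataclass, field

# Maximum allowed open SAST findings per severity, from the prompt above.
SAST_THRESHOLDS = {"critical": 0, "high": 5, "medium": 20}


@dataclass
class GateResult:
    passed: bool
    reasons: list = field(default_factory=list)   # why the gate failed
    counts: dict = field(default_factory=dict)    # SAST findings per severity


def evaluate_gate(findings, thresholds=SAST_THRESHOLDS):
    """Decide whether a build may proceed.

    findings: list of dicts with 'tool' ('sast' or 'secrets'), 'severity'
    and 'id'. Secret findings block unconditionally; SAST findings are
    counted per severity (case-insensitive) and compared to thresholds.
    """
    sast = [f for f in findings if f.get("tool") == "sast"]
    secrets = [f for f in findings if f.get("tool") == "secrets"]
    counts = Counter(str(f.get("severity", "unknown")).lower() for f in sast)
    reasons = []

    if secrets:
        ids = ", ".join(sorted(f["id"] for f in secrets))
        reasons.append(f"secrets detected (hard fail): {ids}")

    for severity, limit in thresholds.items():
        if counts.get(severity, 0) > limit:
            reasons.append(
                f"{severity}: {counts[severity]} findings exceed limit {limit}")

    # Severities the policy does not cover are surfaced so a misconfigured
    # scanner cannot quietly pass the gate with unclassified results.
    for severity in counts:
        if severity not in thresholds and severity not in ("low", "info"):
            reasons.append(f"unclassified severity '{severity}' in results")

    return GateResult(passed=not reasons, reasons=reasons, counts=dict(counts))


# Constructed sample: one critical and three high SAST hits plus one secret.
SAMPLE_FINDINGS = [
    {"tool": "sast", "severity": "Critical", "id": "SQLI-001"},
    {"tool": "sast", "severity": "High", "id": "XSS-014"},
    {"tool": "sast", "severity": "high", "id": "XSS-015"},
    {"tool": "sast", "severity": "HIGH", "id": "PATH-002"},
    {"tool": "sast", "severity": "medium", "id": "CSRF-003"},
    {"tool": "secrets", "severity": "critical", "id": "AWS_KEY_app.yaml:12"},
]


if __name__ == "__main__":
    # Usage: python gate.py findings.json   (falls back to the sample data)
    data = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_FINDINGS
    result = evaluate_gate(data)
    for reason in result.reasons:
        print("GATE FAIL:", reason)
    print("gate", "passed" if result.passed else "failed", result.counts)
    sys.exit(0 if result.passed else 1)
```

The non-zero exit code is what the pipeline stage keys on; the reasons list is what ends up in the build log and the policy documentation, so both should be stable and human-readable. Secrets are deliberately handled before the threshold loop so that no threshold setting can ever let them through.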
Output as pipeline configuration for [tool] and policy documentation.
Pipeline secrets management
Implement secure secrets handling in [CI/CD platform] for [cloud environment]. Include:
- Integration with secrets manager ([HashiCorp Vault/AWS Secrets Manager/Azure Key Vault/GCP Secret Manager])
- Environment variable injection without exposure in logs
- Credential rotation automation
- Least privilege access for pipeline service accounts
- Secret masking in build logs
- Audit trail for secret access
- Emergency revocation procedures
- Migration from embedded secrets
- Developer access controls
Align with ISO 27001 A.9.4.3, SOC 2 CC6.7.
Automated security testing
Automated vulnerability scanning workflow
Design an automated vulnerability management workflow for [application/infrastructure]. Include:
- Scheduled scans (daily, weekly, on-demand)
- Scan orchestration ([tool] for apps, [tool] for infra, [tool] for containers)
- Vulnerability deduplication and correlation
- Automated triage and prioritization (CVSS + exploitability + asset criticality)
- Ticket creation in [Jira/ServiceNow/other] for remediation
- SLA tracking by severity (Critical: 7 days, High: 30 days, etc.)
- Retest automation after fixes
- Reporting and metrics dashboard
- False positive management process
- Integration with change management
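The triage and SLA items above are the parts of this workflow most worth seeing as code. The following is an added example, not from the original page: it deduplicates findings reported by several scanners for the same asset and CVE, scores them from CVSS, exploit availability and asset criticality, and assigns a due date from the SLA table. The Critical (7 days) and High (30 days) SLAs come from the prompt; the Medium and Low values, the weights, the priority bands, the record format and the sample data are constructed assumptions, and the CVE ids are placeholders rather than real identifiers.

```python
"""Vulnerability triage: deduplicate, prioritize and assign SLAs.

Added example, not from the original page. It implements the prompt's
"CVSS + exploitability + asset criticality" prioritization and SLA
tracking by severity (Critical: 7 days and High: 30 days from the prompt;
Medium: 90 and Low: 180 are assumed). The weights, priority bands,
finding format and sample data are constructed assumptions; the CVE ids
below are placeholders, not real identifiers.
"""
from datetime import date, timedelta

# Remediation SLA in days per priority band.
SLA_DAYS = {"Critical": 7, "High": 30, "Medium": 90, "Low": 180}


def dedupe(findings):
    """Merge findings that describe the same (asset, CVE) pair.

    Several scanners often report one exposure; keep a single record,
    remember every source and take the highest CVSS seen.
    """
    merged = {}
    for f in findings:
        key = (f["asset"], f["cve"])
        if key in merged:
            merged[key]["sources"].add(f["source"])
            merged[key]["cvss"] = max(merged[key]["cvss"], f["cvss"])
        else:
            merged[key] = dict(f, sources={f["source"]})
    return list(merged.values())


def priority_score(cvss, exploit_available, asset_criticality):
    """0-100 score: CVSS weighs up to 60, a known exploit 20, asset criticality (1-5) up to 20."""
    return round(cvss / 10 * 60 + (20 if exploit_available else 0) + asset_criticality / 5 * 20, 1)


def priority_band(score):
    if score >= 80:
        return "Critical"
    if score >= 60:
        return "High"
    if score >= 40:
        return "Medium"
    return "Low"


def triage(findings, today):
    """Return deduplicated findings with score, band and SLA due date, highest priority first.

    'today' may be a date or an ISO-8601 string.
    """
    if isinstance(today, str):
        today = date.fromisoformat(today)
    rows = []
    for f in dedupe(findings):
        score = priority_score(f["cvss"], f["exploit_available"], f["asset_criticality"])
        band = priority_band(score)
        rows.append({**f, "score": score, "priority": band,
                     "due": today + timedelta(days=SLA_DAYS[band])})
    rows.sort(key=lambda r: r["score"], reverse=True)
    return rows


# Constructed sample: the first two rows are the same exposure seen by two scanners.
SAMPLE_FINDINGS = [
    {"asset": "web-01", "cve": "CVE-XXXX-0001", "cvss": 9.8, "exploit_available": True,
     "asset_criticality": 5, "source": "scanner-a"},
    {"asset": "web-01", "cve": "CVE-XXXX-0001", "cvss": 9.8, "exploit_available": True,
     "asset_criticality": 5, "source": "scanner-b"},
    {"asset": "dev-box", "cve": "CVE-XXXX-0002", "cvss": 7.5, "exploit_available": False,
     "asset_criticality": 1, "source": "scanner-a"},
    {"asset": "db-01", "cve": "CVE-XXXX-0003", "cvss": 6.5, "exploit_available": True,
     "asset_criticality": 4, "source": "scanner-a"},
]

if __name__ == "__main__":
    for row in triage(SAMPLE_FINDINGS, date.today()):
        print(f"{row['priority']:<8} {row['score']:>5} {row['asset']:<8} {row['cve']} "
              f"due {row['due']} via {sorted(row['sources'])}")
```

Note how the sample exposes the point of weighting: the CVSS 7.5 finding on a low-criticality development box lands below the CVSS 6.5 finding on a critical database host with a known exploit. The `sources` set carries into the ticket so that the retest step can close all originating scanner records at once.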
Map to ISO 27001 A.12.6, SOC 2 CC7.2, NIST 800-53 RA-5.
Continuous compliance scanning
Create continuous compliance scanning automation for [AWS/Azure/GCP/Kubernetes]. Include:
- Infrastructure compliance checks ([Cloud Custodian/Prowler/ScoutSuite])
- CIS Benchmark validation
- Policy-as-code enforcement ([OPA/Sentinel/Azure Policy])
- Configuration drift detection
- Real-time alerting for non-compliant resources
- Automated remediation for common violations (e.g., unencrypted S3 bucket → enable encryption)
- Exception management workflow
- Compliance reporting dashboard
- Evidence collection for audits
- Mapping to [ISO 27001/SOC 2/NIST CSF] controls
Output as automation scripts and compliance-as-code templates.
Security automation and orchestration
Security orchestration playbooks
Design security automation playbooks for [SOAR platform/custom scripts] addressing common scenarios:
- Phishing email response (quarantine, analyze, block sender)
- Malware detection response (isolate host, collect forensics, scan network)
- Unauthorized access attempt (block IP, disable account, alert SOC)
- Vulnerable service detection (create ticket, notify owner, verify patch)
- Certificate expiration (renew, deploy, validate)
- Data leak detection (revoke access, audit trail, notify DPO)
Include decision trees, escalation criteria, and integration points with [EDR/SIEM/ticketing/communication tools]. Map to ISO 27001 A.17.1, SOC 2 CC7.3-CC7.4.
Automated patch management
Create an automated patch management system for [OS/application/container images]. Include:
- Patch source and approval process
- Testing automation (sandbox/canary deployments)
- Deployment scheduling and maintenance windows
- Rollback procedures and health checks
- Exception handling for incompatible systems
- Reporting and compliance tracking
- Integration with [AWS Systems Manager/Azure Update Management/Ansible/Chef]
- Critical vs. routine patch SLAs
- Verification and validation automation
- Audit evidence collection
Align with ISO 27001 A.12.6.1, SOC 2 CC7.2, PCI DSS 6.2.
Infrastructure automation
Automated provisioning with security controls
Design secure infrastructure provisioning automation using [Terraform/Ansible/CloudFormation/Pulumi]. Include:
- Security-hardened base configurations (CIS Benchmarks)
- Automated security agent deployment (EDR, vulnerability scanner, logging)
- Network security controls (security groups, NSGs, firewall rules)
- Encryption enablement (disk, database, storage)
- Backup configuration and scheduling
- Tagging and metadata for compliance tracking
- Post-provisioning validation tests
- Idempotency and drift correction
- Change approval workflow integration
- Documentation generation
Map to ISO 27001 A.12.1, A.13.1, SOC 2 CC6.6-CC6.8.
Configuration drift detection and remediation
Create a configuration drift detection system for [cloud/on-premises] environment. Include:
- Baseline configuration definition
- Continuous monitoring ([AWS Config/Azure Policy/GCP Config Connector/Chef InSpec])
- Drift alerting with severity classification
- Automated remediation for approved changes
- Manual approval for complex drift scenarios
- Root cause analysis (who/what/when/why)
- Integration with change management system
- Drift metrics and reporting
- Exception management for intentional deviations
Align with ISO 27001 A.12.1.2, SOC 2 CC8.1.
Monitoring and alerting automation
Automated log aggregation and analysis
Design automated log management for [environment] using [ELK/Splunk/CloudWatch/Azure Monitor/Cloud Logging]. Include:
- Log sources and collection agents
- Centralized storage with retention policies (1 year minimum for compliance)
- Log parsing and normalization
- Automated alerting rules for security events (failed auth, privilege escalation, data access)
- Dashboard creation for SOC and compliance teams
- Log integrity and tamper detection
- Access controls (RBAC, encryption)
- Correlation rules for attack pattern detection
- Integration with SIEM and incident response
- Compliance reporting (ISO 27001 A.12.4, SOC 2 CC7.2)
Output as configuration files and runbook.
Security metrics automation
Create automated security metrics collection and reporting for [organization]. Include:
- KPIs and data sources (vulnerability count, MTTD, MTTR, patch compliance, failed auth attempts, etc.)
- Data collection automation (APIs, log queries, compliance tools)
- Metrics aggregation and normalization
- Dashboard visualization ([Grafana/Tableau/Power BI/custom])
- Scheduled reporting (weekly operational, monthly leadership, quarterly board)
- Trend analysis and anomaly detection
- Benchmarking against industry standards
- Integration with GRC platforms
- Compliance mapping (ISO 27001 A.18.2.3, SOC 2 CC4.1)
Output as scripts, dashboard configs, and report templates.
Container and Kubernetes automation
Automated container security pipeline
Build a container security automation pipeline for [Docker/Podman] in [CI/CD tool]. Include:
- Base image auto-updates and scanning
- Build-time vulnerability scanning ([Trivy/Grype/Clair/Anchore])
- SBOM generation and storage
- Image signing with [Cosign/Docker Content Trust]
- Admission control policies ([OPA/Kyverno])
- Runtime vulnerability scanning
- Image promotion workflow (dev → staging → prod based on security posture)
- Cleanup of vulnerable images from registry
- Compliance checks (no root users, read-only filesystem)
- Audit logging
Map to ISO 27001 A.14.2, SOC 2 CC8.1, NIST SP 800-190.
Kubernetes security automation
Design Kubernetes security automation for [EKS/AKS/GKE/self-managed] cluster. Include:
- Automated RBAC policy generation and validation
- Pod Security Standard enforcement
- Network policy automation based on service dependencies
- Certificate rotation (kubelet, API server, ingress)
- CIS Benchmark compliance scanning ([kube-bench/kube-hunter])
- Runtime threat detection ([Falco/OSSEC])
- Resource quota and limit enforcement
- Namespace isolation and policy
- Secret rotation automation
- Audit log analysis and alerting
Align with ISO 27001 A.12.6, A.13.1, SOC 2 CC6.6.
Compliance automation
Automated evidence collection system
Create an automated compliance evidence collection system for [ISO 27001/SOC 2/NIST/GDPR/multi-framework]. Include:
- Evidence sources (logs, configs, scans, tickets, training records)
- Collection schedule (daily, weekly, monthly, quarterly)
- Evidence storage with immutability (S3 Object Lock/Azure Immutable Blob)
- Metadata tagging (control mapping, date, source)
- Automated validation (file integrity, completeness checks)
- Access controls and audit trail
- Report generation for auditors
- Gap identification and alerting
- Integration with GRC platforms ([Vanta/Drata/Secureframe])
- Retention policy automation (7 years for ISO 27001)
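The metadata tagging and automated validation items above are the core of any evidence collector, so here is an added example (not from the original page) that builds a manifest for a directory of evidence files, recording a SHA-256 hash, size, control mapping, source and collection date for each, and later validates that nothing is missing or altered. The control mapping, file names and contents are constructed; writing the files and manifest to immutable storage (S3 Object Lock or Azure immutable blob, as the prompt suggests) is the production step this local demo leaves out.

```python
"""Compliance evidence collection with integrity validation.

Added example, not from the original page. It builds a manifest for a
directory of evidence files (SHA-256, size, control mapping, source and
collection date) and later validates that nothing is missing or altered.
The control mapping, file names and contents are constructed; in
production the files and manifest would be written to immutable storage
(S3 Object Lock or Azure immutable blob), which this local demo does not do.
"""
import hashlib
import json
import tempfile
from datetime import date
from pathlib import Path

# Constructed mapping of evidence file -> controls it supports.
CONTROL_MAP = {
    "access-review.csv": ["ISO 27001 A.9.2.1"],
    "scan-report.json": ["ISO 27001 A.12.6", "SOC 2 CC7.2"],
}


def sha256_of(path):
    """Stream the file so large evidence exports do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def collect(evidence_dir, control_map, collected_on, source="ci-pipeline"):
    """One manifest entry per file, in a stable order so manifests are diffable."""
    manifest = []
    for path in sorted(Path(evidence_dir).iterdir()):
        if not path.is_file():
            continue
        manifest.append({
            "file": path.name,
            "sha256": sha256_of(path),
            "size_bytes": path.stat().st_size,
            "controls": control_map.get(path.name, []),
            "source": source,
            "collected_on": collected_on.isoformat(),
        })
    return manifest


def validate(manifest, evidence_dir):
    """Return a list of problems: missing files, hash mismatches, unmapped evidence."""
    problems = []
    for entry in manifest:
        path = Path(evidence_dir) / entry["file"]
        if not path.is_file():
            problems.append(f"missing: {entry['file']}")
            continue
        if sha256_of(path) != entry["sha256"]:
            problems.append(f"tampered: {entry['file']}")
        if not entry["controls"]:
            problems.append(f"unmapped: {entry['file']}")
    return problems


def demo():
    """Constructed run: collect two files, validate, then alter one and delete the other."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "access-review.csv").write_text("user,mfa_enabled\nalice,yes\nbob,yes\n")
        (root / "scan-report.json").write_text(json.dumps({"critical": 0, "high": 2}))
        manifest = collect(root, CONTROL_MAP, date(2025, 1, 31))
        clean = validate(manifest, root)
        # Simulate tampering and loss after collection.
        (root / "scan-report.json").write_text(json.dumps({"critical": 0, "high": 0}))
        (root / "access-review.csv").unlink()
        after = validate(manifest, root)
    return manifest, clean, after


if __name__ == "__main__":
    manifest, clean, after = demo()
    print(json.dumps(manifest, indent=2))
    print("clean run:", clean or "ok")
    print("after tampering:", after)
```

The manifest itself is evidence, so store it with the files under the same immutability and retention rules, and run `validate` on a schedule rather than only at audit time; a hash mismatch found months later is far harder to explain than one caught the next day.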
Output as automation scripts and evidence matrix spreadsheet.
Continuous control monitoring
Design continuous control monitoring for [compliance framework]. Include:
- Control-to-technical-check mapping (e.g., ISO 27001 A.9.2.1 → MFA enabled check)
- Automated testing schedule (daily/weekly/on-change)
- Testing methodology (configuration checks, log queries, API calls)
- Pass/fail criteria and scoring
- Deviation alerting and remediation workflows
- Control effectiveness trending
- Audit-ready reporting
- Exception and compensating control tracking
- Integration with risk management
- Evidence linkage
Map technical checks to [ISO 27001/SOC 2/NIST 800-53] control requirements. Automation reduces manual effort and provides consistent, repeatable evidence for audits. Start with high-risk controls and expand coverage over time.
Integration and orchestration
Security tool integration architecture
Design a security tool integration architecture for [organization size]. Include:
- Tool inventory (SIEM, EDR, vulnerability scanner, SOAR, GRC, ticketing, etc.)
- Integration patterns (API, webhook, syslog, file export)
- Data flow and normalization
- Central orchestration platform ([SOAR/custom])
- Authentication and authorization between tools
- Error handling and retry logic
- Monitoring of integrations
- Documentation and runbooks
- Scalability and performance considerations
Create architecture diagram and integration specifications. Test all automation thoroughly in non-production environments. Ensure proper error handling to prevent automated misconfigurations from causing outages.
Related prompts
See Secure development lifecycle prompts for code security in pipelines
See Infrastructure and cloud security prompts for IaC security automation
See Security monitoring and incident response prompts for SIEM automation