Iac on AI-Assisted DevSecOps Workflowshttps://adurrr.github.io/ai-devsecops-workflows/tags/iac/Recent content in Iac on AI-Assisted DevSecOps WorkflowsHugoenPractical Use Cases & Patternshttps://adurrr.github.io/ai-devsecops-workflows/docs/use-cases/Mon, 01 Jan 0001 00:00:00 +0000https://adurrr.github.io/ai-devsecops-workflows/docs/use-cases/<div class="alert alert-info" role="alert"><div class="h4 alert-heading" role="heading">Start with CLI Tools</div> For quick operations and one-off queries, start with CLI tools (ShellGPT) before moving to pair programming or multi-agent workflows. This reduces overhead and speeds up routine tasks. </div> <h2 id="incident-response">Incident Response</h2> <h3 id="scenario-container-escape-detection">Scenario: Container Escape Detection</h3> <p><strong>Situation:</strong> Monitoring alert indicates potential container escape attempt</p> <p><strong>Workflow:</strong></p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#75715e"># Step 1: Initial reconnaissance (CLI)</span> </span></span><span style="display:flex;"><span>kubectl get events --sort-by<span style="color:#f92672">=</span><span style="color:#e6db74">&#39;.lastTimestamp&#39;</span> | <span style="color:#ae81ff">\ </span></span></span><span style="display:flex;"><span> sgpt <span style="color:#e6db74">&#34;filter for security events, suspicious activity&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># Step 2: Deep investigation (Pair programming)</span> </span></span><span style="display:flex;"><span>aider </span></span><span style="display:flex;"><span>&gt; <span style="color:#e6db74">&#34;Analyze this pod&#39;s security context. Check for privileged mode, </span></span></span><span style="display:flex;"><span><span style="color:#e6db74">&gt; hostPath mounts, and dangerous capabilities&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># Step 3: Remediation planning (Multi-Agent)</span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># Oracle: Assess blast radius</span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># Fixer: Generate hardened pod spec</span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># Council: Validate fix approach</span> </span></span></code></pre></div><p><strong>Commands:</strong></p>