moai-ref-secops
DevSecOps, Container, and API Operational Security Reference
Defensive practitioner reference for the operational layer of a system — the pipeline that builds it, the container and orchestrator that run it, and the API surface it exposes at runtime. Every section is framed as defense, hardening, detection, or verification: it describes the misconfiguration, how to detect it, and how to prevent it, never how to exploit it.
This skill is split into three modules by sub-domain. The overview below gives the shared threat model and an entry point; the depth lives in the modules. The threat model is operational: a pipeline can be subverted to inject a build step, a container can be misconfigured into a host breakout, and a running API can leak one tenant's data to another. The defenses establish least privilege, isolation, detection, and runtime authorization at each layer.