Skip to main content
Run any Skill in Manus
with one click

iac-security

Stars158
Forks34
UpdatedJune 18, 2026 at 15:39

Guidance for securing Infrastructure-as-Code (Bicep, ARM, Terraform, and ACI/Container) pipelines on Azure — shift-left scanning, policy-as-code, secret hygiene, identity for pipelines, drift detection, and supply chain. Covers Microsoft Defender for Cloud DevOps Security (GitHub / Azure DevOps connectors), Microsoft Security DevOps (MSDO) extension, Bicep linter and template specs, Terraform best practices on Azure (state management, backend hardening, provider versions), Azure Policy as deploy-time and CI-time gate, GitOps with Flux/ArgoCD on AKS, secret scanning and dependency review, signed commits / artifact signing, OIDC federation for pipeline identity (no client secrets), and integration with Defender for Cloud posture. WHEN: IaC security, Bicep security, Terraform Azure security, Defender for Cloud DevOps Security, MSDO, Microsoft Security DevOps, shift-left Azure, policy as code, OIDC GitHub Actions Azure, secrets in IaC, drift detection, signed Bicep, supply chain Azure. DO NOT USE for Kubernetes a

Installation

Install with Codex or Claude Copy this prompt, paste it into Codex, Claude, or another assistant, and let it review the skill page and install it for you.

SKILL.md
readonly