---
name: security
description: DevSecOps practices including secrets management, SSL/TLS, vulnerability scanning, and compliance
sasmp_version: "1.3.0"
bonded_agent: 07-cloud-infrastructure
bond_type: SECONDARY_BOND
---

# Security Skill

## MANDATORY
- Secrets management (Vault, AWS Secrets Manager)
- SSL/TLS certificate management
- SSH key management and hardening
- Container image scanning
- RBAC and access control

## OPTIONAL
- SAST/DAST security testing
- Compliance as Code (OPA, Rego)
- Network security and firewalls
- Identity management (IAM)
- Vulnerability management

## ADVANCED
- Zero-trust architecture
- Security automation and SOAR
- Penetration testing integration
- Incident response automation
- Security chaos engineering

## Assets
- See `assets/security-practices.yaml` for templates