DevSecOps & Supply Chain Cheatsheet

Production reference for software supply chain security: cosign keyless signing, SBOM generation with syft, SLSA provenance levels, Kyverno admission policy, and hardened GitHub Actions patterns.

What This Reference Covers

  • High-signal commands and checks for day-to-day production work.
  • Security and reliability notes that explain what can go wrong when a command is used casually.
  • Debugging vocabulary for incidents, code reviews, platform audits, and interview preparation.

Recommended Next Steps

Start with the commands that match your current task, then follow the related CodersSecret material for deeper context on architecture, risk, and operational tradeoffs.
