![](https://crypto4nerd.com/wp-content/uploads/2023/01/1tp6Qiy1gBSBcxl2CR0RNjQ.jpeg)
The most comprehensive, end-to-end guide: 20 prompts, and 20 subprompts for each, equaling 400 prompts in total
Previously, I composed a piece on how to use ChatGPT for product management; you can find it at this link.
You are reading this piece because you are interested in how to use ChatGPT for DevSecOps.
This is the most comprehensive and specific DevSecOps guide you will find because it is based on a life cycle and end-to-end implementation approach.
Having worked directly with ChatGPT, I've removed the guesswork and experimentation you would otherwise need to do and gathered what you need to know to use ChatGPT (without fine-tuning) right away.
One approach is to use these prompts word for word.
Also, I personally identified these prompts as specific touchpoints across a large, end-to-end DevSecOps implementation.
For each prompt, I have worked with ChatGPT, in addition to my personal experience, to further identify 20 subprompts.
The top 20 prompts are as follows (defined exactly as ChatGPT understands them):
1. Automating code reviews: Automatically review code for security vulnerabilities and compliance with best practices.
2. Generating security documentation: Generate documentation, such as threat models or incident response plans, to help you comply with security regulations.
3. Generating test cases: Generate test cases to help you verify that your code is secure and that your security controls are working as intended.
4. Providing automated feedback on security issues: Provide automated feedback on security issues in real-time as code is being written, allowing developers to fix issues before they become a problem.
5. Automating incident response: Automate incident response by generating playbooks that can be executed in case of an incident and providing guidance on next steps.
6. Automating compliance checks: Automatically check that your code and systems comply with various security standards and regulations, such as PCI-DSS or HIPAA.
7. Generating secure code snippets: Generate secure code snippets in various programming languages, to help developers avoid common security mistakes.
8. Identifying sensitive data: Automatically identify sensitive data in your code and systems, such as credit card numbers or personal information, and flag it for further review.
9. Generating penetration test reports: Generate reports from penetration testing, summarizing findings and providing recommendations for remediation.
10. Automating threat modeling: Help with threat modeling by automatically generating a list of potential threats and the assets that are at risk.
11. Generating security training materials: Generate training materials for developers and other stakeholders, to help them understand and follow secure coding practices.
12. Provide automated feedback on compliance issues in real-time, as code is being written, to help ensure that your systems are compliant with regulations.
13. Automating incident management: Help with incident management by automatically generating incident reports and providing guidance on next steps to contain the incident and prevent future occurrences.
14. Automating vulnerability management: Help with vulnerability management by automatically identifying vulnerabilities in your systems and providing guidance on how to remediate them.
15. Generating security playbooks: Generate security playbooks that can be used as a reference for incident response and other security scenarios.
16. Generating security policies and procedures: Generate security policies and procedures that can be used to guide the development and operation of secure systems.
17. Automating threat intelligence analysis: Help with threat intelligence analysis by automatically identifying relevant threats and providing guidance on how to mitigate them.
18. Generating security reports: Generate security reports that summarize the security posture of your systems and provide recommendations for improvement.
19. Automating security incident triage: Help with incident triage by automatically identifying the severity of security incidents and providing guidance on how to respond.
20. Automating incident response playbooks: Automatically generate incident response playbooks for different types of security incidents, such as data breaches or DDoS attacks.
The subprompts for each of the 20 prompts are listed below: