deployment practice · cohort · advanced
Security Hardening Scripts
Automate least-privilege checks, dependency diffs, and secret scanning hooks for small teams.
4 weeks · 27 guided hours · weekend intensive · 15,400 THB (informational)
Tool stack
Python · pip-audit · GnuPG
Description
Bridgemesh focuses on proportionate controls: SBOM exports, pip-audit workflows, and GPG signing for release tags. You will role-play a polite refusal when a stakeholder asks for all-prod-keys-in-one-env scripts.
What is included
- pip-audit and OSV integration in CI
- SBOM generation with CycloneDX snippets
- Filesystem permission sweeps with human summaries
- GPG tag signing walkthrough
- Threat modeling worksheet for automation endpoints
- Incident-ready logging when scans fail
Outcomes
- Wire a CI gate that blocks known critical CVEs
- Produce a proportionate security memo for leadership
- Run a tabletop on a leaked token scenario with scripted responses
FAQ
Penetration testing?
Out of scope—this is defensive automation literacy, not offensive labs.
Compliance certifications?
No exam vouchers included.
Limitation?
We do not configure hardware security modules.
Experience notes
“SBOM section gave procurement something concrete without promising miracle risk removal.”