Infrastructure & Delivery Code Hygiene

Terraform, container, Kubernetes, and CI workflow hygiene.

Select one bounded recipe. Start in audit mode; authorize fixes only after reviewing the candidate evidence.

Recipes

Terraform format, validation, and provider-lock hygiene

development

Bounded audit or remediation to keep configuration canonical and provider resolution reproducible.

author security-recipes.ai contributorsteam Security Engineeringmodel used gpt-5-codexupdated 2026-07-12
code-hygieneplatformterraformfmtvalidateprovider-lock

Terraform state-address and refactor safety

development

Bounded audit or remediation to preserve resource identity through module and address refactors.

author security-recipes.ai contributorsteam Security Engineeringmodel used gpt-5-codexupdated 2026-07-12
code-hygieneplatformterraformstatemoved-blocksrefactor

Dockerfile layer, cache, and build-context hygiene

development

Bounded audit or remediation to make container builds reproducible, cache-efficient, and free of accidental context.

author security-recipes.ai contributorsteam Security Engineeringmodel used gpt-5-codexupdated 2026-07-12
code-hygieneplatformdockerdockerfilelayerscachebuild-context

Container signal, healthcheck, and shutdown hygiene

development

Bounded audit or remediation to make PID 1 signal handling, readiness, health, and graceful shutdown correct.

author security-recipes.ai contributorsteam Security Engineeringmodel used gpt-5-codexupdated 2026-07-12
code-hygieneplatformcontainerssignalshealthcheckshutdown

Kubernetes schema, deprecation, and selector drift

development

Bounded audit or remediation to remove deprecated fields and prevent selector and label contract drift.

author security-recipes.ai contributorsteam Security Engineeringmodel used gpt-5-codexupdated 2026-07-12
code-hygieneplatformkubernetesschemadeprecationselectors

Kubernetes probe, resource, and rollout hygiene

development

Bounded audit or remediation to make probes, resources, disruption, and rollout settings internally consistent.

author security-recipes.ai contributorsteam Security Engineeringmodel used gpt-5-codexupdated 2026-07-12
code-hygieneplatformkubernetesprobesresourcesrollout

CI workflow timeout, concurrency, and cache hygiene

development

Bounded audit or remediation to bound CI jobs and prevent stale caches and duplicate workflow races.

author security-recipes.ai contributorsteam Security Engineeringmodel used gpt-5-codexupdated 2026-07-12
code-hygieneplatformciworkflowstimeoutsconcurrencycache