DevSecOps Cheatsheets
A quick reference for common DevOps, DevSecOps, Security, and Cloud tasks. Use these tables as a handy guide for daily operations and automation.
🛠️ DevOps & DevSecOps CLI Basics
| Task | Bash Command Example | PowerShell Example |
|---|---|---|
| List files | ls -al | Get-ChildItem |
| Find text in files | grep 'pattern' -r . | Select-String -Path * -Pattern |
| Show disk usage | df -h | Get-PSDrive |
| Show running procs | ps aux | Get-Process |
| Check open ports | netstat -tuln | Get-NetTCPConnection |
| Show env vars | printenv | Get-ChildItem Env: |
| Edit file | nano file.txt | notepad file.txt |
| Check network | ping <host> | Test-Connection <host> |
| Check IP | curl ifconfig.me | Invoke-WebRequest ifconfig.me |
| Check HTTP status | curl -I <url> | Invoke-WebRequest <url> -Method Head |
| Check DNS | dig <domain> | Resolve-DnsName <domain> |
| Check SSL cert | openssl s_client -connect <host>:443 | Invoke-WebRequest <url> -UseBasicParsing |
| Check CPU usage | top | Get-Process : Sort-Object CPU -Descending |
| Check memory usage | free -h | Get-Process : Measure-Object -Property WS -Sum |
| Check uptime | uptime | Get-Uptime |
| Remote Sync | rsync -avz src/ dest/ | Copy-Item -Path src -Destination dest -Recurse |
| Remote exec | ssh user@host 'command' | Invoke-Command -ComputerName host -ScriptBlock { command } |
| Remote file transfer | scp file user@host:/path | Copy-Item -Path file -Destination \\host\path |
| Check logs | tail -f /var/log/syslog | Get-Content -Path /var/log/syslog -Tail 10 -Wait |
| Check if command exists | command -v <cmd> | Get-Command <cmd> |
| check for syntax error | bash -n ./deploy-kind.sh | try { <cmd> } catch { Write-Host "Error" } |
☁️ Cloud CLI Quick Reference
| Cloud | Login Command | List Resources | Docs/Help Command |
|---|---|---|---|
| Azure | az login | az resource list | az --help |
| AWS | aws configure | aws s3 ls | aws help |
| GCP | gcloud init | gcloud compute instances list | gcloud help |
🔐 Security & Secrets
| Task | Command/Tool Example |
|---|---|
| Generate SSH key | ssh-keygen -t ed25519 -C "email@example.com" |
| Check open ports (nmap) | nmap -sS <host> |
| Hash a file (SHA256) | sha256sum file.txt |
| Scan for secrets in code | trufflehog git / gitleaks detect |
| Check file permissions | ls -l |
| Encrypt a file (openssl) | openssl enc -aes-256-cbc -in file -out file.enc |
| Decrypt a file (openssl) | openssl enc -d -aes-256-cbc -in file.enc -out file |
| Generate random password | openssl rand -base64 32 |
| Check for weak passwords | hashcat -m 0 -a 0 <hashfile> <wordlist> |
| Scan for vulnerabilities | trivy image <image> |
| Check for CVEs | aws inspector scan <resource> |
| Scan for malware | clamav -r <directory> |
| Check for misconfigurations | checkov -f <file> |
| Scan for open ports | nmap -sS <host> |
🏗️ Infrastructure as Code (IaC)
Terraform
| Task | Command Example |
|---|---|
| Init project | terraform init |
| Validate config | terraform validate |
| Plan changes | terraform plan |
| Apply changes | terraform apply |
| Destroy resources | terraform destroy |
| List resources | terraform state list |
| Show resource | terraform show |
| Output variables | terraform output |
| Import resource | terraform import <resource> |
Ansible
| Task | Command Example |
|---|---|
| Run playbook | ansible-playbook playbook.yml |
| List hosts | ansible all --list-hosts -i inventory |
| Ping all hosts | ansible all -m ping |
| Check facts | ansible all -m setup |
| Run ad-hoc cmd | ansible all -a "command" |
Bicep
| Task | Command Example |
|---|---|
| Build Bicep | az bicep build --file main.bicep |
| Validate Bicep | az bicep validate --file main.bicep |
| List Bicep | az bicep list |
| Lint Bicep | az bicep linter --file main.bicep |
| Deploy Bicep | az deployment group create --resource-group <rg> --template-file main.bicep |
AWS CloudFormation
| Task | Command Example |
|---|---|
| Validate template | aws cloudformation validate-template --template-body file://template.yaml |
| Deploy stack | aws cloudformation deploy --template-file template.yaml --stack-name mystack |
🧑💻 Git & GitHub
| Task | Command Example |
|---|---|
| Clone repo | git clone <url> |
| Create branch | git checkout -b feature/branch |
| Commit changes | git commit -am "message" |
| Delete branch | git branch -d feature/branch |
| Delete remote branch | git push origin --delete feature/branch or git push origin :feature/branch |
| Push branch | git push origin feature/branch |
| Rebase main | git fetch origin && git rebase origin/main |
| GitHub CLI login | gh auth login |
| Create PR (GitHub CLI) | gh pr create --fill |
| List PRs (GitHub CLI) | gh pr list |
| Merge PR (GitHub CLI) | gh pr merge <pr-number> |
| Review PR (GitHub CLI) | gh pr review <pr-number> --approve |
| List issues (GitHub CLI) | gh issue list |
| Create issue (GitHub CLI) | gh issue create --title "Issue title" --body "Issue body" |
| Close issue (GitHub CLI) | gh issue close <issue-number> |
| List commits (GitHub CLI) | gh repo view --commits |
| View commit (GitHub CLI) | gh pr view <pr-number> --commits |
| View commit details (GitHub CLI) | gh pr view <pr-number> --commits --json |
🐚 Bash Scripting
| Task | Example |
|---|---|
| For loop | for f in *.txt; do echo $f; done |
| If statement | if [ -f file ]; then echo exists; fi |
| Function | myfunc() { echo Hello; } |
| Read input | read -p "Name: " name |
| Export variable | export VAR=value |
⚡ PowerShell Scripting
| Task | Example |
|---|---|
| ForEach loop | foreach ($f in Get-ChildItem *.txt) { $f } |
| If statement | if (Test-Path file) { Write-Host exists } |
| Function | function MyFunc { Write-Host Hello } |
| Read input | $name = Read-Host "Name" |
| Set variable | $env:VAR = "value" |
📦 Container & K8s
| Task | Docker Example | Kubernetes Example |
|---|---|---|
| List containers | docker ps | kubectl get pods |
| Build image | docker build -t myimg . | - |
| Run container | docker run -it myimg | - |
| List images | docker images | - |
| List clusters | - | kubectl config get-clusters |
| Get cluster info | - | kubectl cluster-info |
| Apply manifest | - | kubectl apply -f file.yaml |
| Port forward | - | kubectl port-forward svc/myapp 8080:80 |
| Logs | docker logs <container> | kubectl logs <pod> |
Extra Tips
| Task | Command Example |
|---|---|
| Check disk space | df -h |
| Check memory usage | free -h |
| Check CPU usage | top or htop |
| Check network connectivity | ping <host> |
| Check firewall rules | iptables -L or ufw status |
| Check system uptime | uptime |
| Check system logs | journalctl -xe or tail -f /var/log/syslog |
| Check system services | systemctl list-units --type=service |
| Check system processes | ps aux or top |
| Check system users | who or w |
| Check system groups | getent group |
| Check system environment | env or printenv |
| Check system aliases | alias |
| Check system crontab | crontab -l |
| Check system packages | dpkg -l (Debian) or rpm -qa (Red Hat) |
| Check system updates | apt update && apt upgrade (Debian) or yum update (Red Hat) |
| Check system hardware | lshw or lscpu |
| Check system network config | ifconfig or ip addr |
| Check system DNS config | cat /etc/resolv.conf |
| Check system hostname | hostname or uname -n |
| Check system time | date or timedatectl |
📝 Notes
- Use
--helpwith any command to get more details. - Always check the documentation for the latest commands and options.
- Customize commands with flags for specific needs (e.g.,
--verbose,--dry-run).
Copy SSH Key to Clipboard
Mac
sh
pbcopy < ~/.ssh/id_rsa.pubLinux (Ubuntu)
sh
cat ~/.ssh/id_rsa.pubWindows (Git Bash)
powershell
clip < ~/.ssh/id_rsa.pub📚 More Resources
- Azure CLI Docs
- AWS CLI Docs
- GCP CLI Docs
- Terraform Docs
- Ansible Docs
- GitHub CLI Docs
- Bash Guide
- PowerShell Docs
Keep this cheatsheet handy for fast, secure, and efficient DevSecOps workflows!