{"product_id":"devsecops-pipeline-tich-hợp-claude-code-security-vao-ci-cd","title":"DevSecOps Pipeline: Integrating Claude Code Security into CI\/CD","description":"\n\u003cp\u003eDevSecOps brings security into every phase of the software development lifecycle instead of checking only at the end. With Claude Code you can add an \"AI security reviewer\" to the CI\/CD pipeline: it automatically finds vulnerabilities in every pull request, scans configuration files, and enforces security policies before code is merged. This article shows how to build a complete DevSecOps pipeline with GitHub Actions and Claude Code.\u003c\/p\u003e\n\n\u003ch2\u003eWhat is DevSecOps, and why add AI?\u003c\/h2\u003e\n\u003cp\u003eDevSecOps is the philosophy of integrating security into DevOps: security is not a final checkpoint but part of every step. Traditionally, the security team reviewed code just before release, which created a bottleneck and found defects late. With DevSecOps, security checks run automatically in the CI\/CD pipeline.\u003c\/p\u003e\n\u003cp\u003eAI (Claude Code) complements traditional tools because it can understand business-logic context. Static analysis tools detect fixed patterns (SQL injection via regex) but miss logic flaws (an authorization bypass through complex business rules). Claude Code reads code the way a developer does and recognizes defects that traditional tools miss.\u003c\/p\u003e\n\n\u003ch2\u003eDevSecOps Pipeline Architecture\u003c\/h2\u003e\n\u003cp\u003eThe pipeline has 6 stages, each with its own security checks. Stage 1, Pre-commit: lint and secret scanning on the developer machine. Stage 2, PR Created: Claude Code review + dependency scan + SAST (Static Application Security Testing). Stage 3, PR Approved: integration tests + DAST (Dynamic Application Security Testing). Stage 4, Merge to main: container scan + infrastructure scan. Stage 5, Pre-deploy: final security gate + compliance check.
Stage 6, Post-deploy: runtime monitoring + vulnerability alerts.\u003c\/p\u003e\n\u003cpre\u003e\u003ccode\u003e# Pipeline overview (.github\/workflows\/devsecops.yml)\n#\n# PR Created\/Updated:\n#   ├── claude-security-review (Claude Code AI review)\n#   ├── dependency-scan (npm audit \/ safety check)\n#   ├── secret-scan (gitleaks\/trufflehog)\n#   ├── sast (semgrep\/codeql)\n#   └── license-check\n#\n# Merge to main:\n#   ├── container-scan (trivy)\n#   ├── integration-tests\n#   └── security-gate (pass\/fail decision)\n#\n# Pre-deploy:\n#   ├── final-review\n#   └── compliance-check\n#\n# Post-deploy:\n#   └── runtime-monitoring\u003c\/code\u003e\u003c\/pre\u003e\n\n\u003ch2\u003eStage 1: Claude Code Security Review in GitHub Actions\u003c\/h2\u003e\n\u003cp\u003eThis is the central stage: Claude Code automatically reviews the new code in every PR and posts its findings as a comment directly on the PR.\u003c\/p\u003e\n\u003cpre\u003e\u003ccode\u003e# .github\/workflows\/claude-security-review.yml\nname: Claude Security Review\n\non:\n  pull_request:\n    types: [opened, synchronize]\n    paths:\n      - 'src\/**'\n      - 'api\/**'\n      - 'lib\/**'\n\npermissions:\n  contents: read\n  pull-requests: write\n\njobs:\n  security-review:\n    runs-on: ubuntu-latest\n    steps:\n      - name: Checkout code\n        uses: actions\/checkout@v4\n        with:\n          fetch-depth: 0\n\n      - name: Get changed files\n        id: changed\n        run: |\n          # Source files changed in this PR (at most 20), joined onto one line:\n          # a multi-line value would break the key=value format of GITHUB_OUTPUT\n          FILES=$(git diff --name-only origin\/${{ github.base_ref }}...HEAD | grep -E '\\.(js|ts|py|go|java)$' | head -20 | tr '\\n' ' ')\n          echo \"files=$FILES\" \u0026gt;\u0026gt; $GITHUB_OUTPUT\n          echo \"Changed files: $FILES\"\n\n      - name: Install Claude Code\n        run: npm install -g @anthropic-ai\/claude-code\n\n      - name: Run Claude Security Review\n        if: steps.changed.outputs.files != ''\n        env:\n          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}\n        run: |\n          # Build the review prompt from the diff of the changed files only\n          DIFF=$(git diff origin\/${{ github.base_ref }}...HEAD -- ${{ steps.changed.outputs.files }})\n\n          claude -p \"Review the following code diff for security vulnerabilities.\n          Focus on: OWASP Top 10, injection, auth bypass, data exposure, SSRF.\n\n          For each finding:\n          - File and line number\n          - Severity (CRITICAL\/HIGH\/MEDIUM\/LOW)\n          - Description\n          - Fix suggestion\n\n          If no issues found, say 'No security issues detected.'\n\n          Diff:\n          $DIFF\" \u0026gt; review_output.txt\n\n      - name: Post review comment\n        if: steps.changed.outputs.files != ''\n        uses: actions\/github-script@v7\n        with:\n          script: |\n            const fs = require('fs');\n            const review = fs.readFileSync('review_output.txt', 'utf8');\n            await github.rest.issues.createComment({\n              issue_number: context.issue.number,\n              owner: context.repo.owner,\n              repo: context.repo.repo,\n              body: `## AI Security Review\\n\\n${review}\\n\\n---\\n*Reviewed by Claude Code*`\n            });\n\n      - name: Fail on CRITICAL findings\n        if: steps.changed.outputs.files != ''\n        run: |\n          # Heuristic: the prompt asks for one severity label per finding, so a CRITICAL\n          # label in the output fails this job and lets the security gate block the PR\n          if grep -q 'CRITICAL' review_output.txt; then\n            echo \"::error::Claude review reported CRITICAL findings\"\n            exit 1\n          fi\u003c\/code\u003e\u003c\/pre\u003e\n\n\u003ch2\u003eStage 2: Dependency Scanning\u003c\/h2\u003e\n\u003cp\u003eDependencies are a common attack vector: one compromised package can affect the whole application.
The pipeline scans dependencies automatically whenever package files change.\u003c\/p\u003e\n\u003cpre\u003e\u003ccode\u003e# .github\/workflows\/dependency-scan.yml\nname: Dependency Security Scan\n\non:\n  pull_request:\n    paths:\n      - 'package.json'\n      - 'package-lock.json'\n      - 'requirements.txt'\n      - 'Pipfile.lock'\n      - 'go.sum'\n\njobs:\n  npm-audit:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions\/checkout@v4\n        with:\n          fetch-depth: 0  # full history so the base branch ref is available for the diff below\n\n      # hashFiles() only sees the workspace after checkout, so the package.json\n      # condition must sit on the steps rather than on the job\n      - name: Install dependencies\n        if: hashFiles('package.json') != ''\n        run: npm ci\n\n      - name: Run npm audit\n        if: hashFiles('package.json') != ''\n        run: |\n          npm audit --json \u0026gt; audit-results.json || true\n          # Parse and format results\n          CRITICAL=$(jq '.metadata.vulnerabilities.critical \/\/ 0' audit-results.json)\n          HIGH=$(jq '.metadata.vulnerabilities.high \/\/ 0' audit-results.json)\n\n          echo \"Critical: $CRITICAL, High: $HIGH\"\n\n          if [ \"$CRITICAL\" -gt 0 ]; then\n            echo \"::error::Found $CRITICAL critical vulnerabilities\"\n            exit 1\n          fi\n\n      - name: Claude analysis of new dependencies\n        if: hashFiles('package.json') != ''\n        env:\n          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}\n        run: |\n          # Newly added packages: lines added to package.json that look like \"name\": \"version\"\n          NEW_DEPS=$(git diff origin\/${{ github.base_ref }}...HEAD -- package.json | grep -E '^\\+[[:space:]]*\"[^\"]+\":[[:space:]]*\"' || true)\n\n          if [ -n \"$NEW_DEPS\" ]; then\n            claude -p \"Analyze these newly added npm packages for security risks:\n            $NEW_DEPS\n\n            For each package check:\n            1. Is it actively maintained?\n            2. Known security issues?\n            3. Suspicious (typosquatting, unusual permissions)?\n            4. Recommendation: SAFE \/ REVIEW \/ REJECT\" \u0026gt; dep-review.txt\n\n            cat dep-review.txt\n          fi\u003c\/code\u003e\u003c\/pre\u003e\n\n\u003ch2\u003eStage 3: Secret Scanning\u003c\/h2\u003e\n\u003cp\u003eSecrets (API keys, passwords, tokens) committed into code are among the most common security risks. The pipeline must block secrets before they reach the repository.\u003c\/p\u003e\n\u003cpre\u003e\u003ccode\u003e# .github\/workflows\/secret-scan.yml\nname: Secret Scanning\n\non:\n  pull_request:\n    types: [opened, synchronize]\n\njobs:\n  gitleaks:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions\/checkout@v4\n        with:\n          fetch-depth: 0\n\n      - name: Run Gitleaks\n        uses: gitleaks\/gitleaks-action@v2\n        env:\n          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}\n\n      - name: Claude scan for subtle secrets\n        if: always()\n        env:\n          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}\n        run: |\n          # Gitleaks catches obvious patterns\n          # Claude catches subtle ones: base64 encoded secrets,\n          # hardcoded credentials in comments, test credentials\n          # that look like production ones\n\n          DIFF=$(git diff origin\/${{ github.base_ref }}...HEAD)\n\n          claude -p \"Scan this code diff for hardcoded secrets that\n          automated tools might miss:\n\n          1. Base64 encoded API keys or tokens\n          2. Credentials in comments or variable names suggesting secrets\n          3. Test credentials that look like production credentials\n          4. Private keys or certificates embedded in code\n          5. Connection strings with passwords\n          6.
Environment variable references that should not be in code\n\n          DIFF:\n          $DIFF\n\n          Report only confirmed or highly suspicious findings.\n          If nothing found, say 'No secrets detected.'\" \u0026gt; secret-review.txt\n\n          cat secret-review.txt\u003c\/code\u003e\u003c\/pre\u003e\n\n\u003ch2\u003eStage 4: Security Gate (Pass\/Fail Decision)\u003c\/h2\u003e\n\u003cp\u003eThe security gate is the checkpoint that decides whether a PR may be merged. It aggregates the results of all security scans and makes the final decision.\u003c\/p\u003e\n\u003cpre\u003e\u003ccode\u003e# .github\/workflows\/security-gate.yml\n# NOTE: `needs` can only reference jobs defined in the same workflow file, so the\n# review, dependency, secret and SAST jobs must live alongside this gate job\n# (for example all in one devsecops.yml) for their results to be visible here.\nname: Security Gate\n\non:\n  pull_request:\n    types: [opened, synchronize]\n\npermissions:\n  pull-requests: write\n\njobs:\n  security-gate:\n    runs-on: ubuntu-latest\n    needs: [claude-security-review, dependency-scan, secret-scan, sast]\n    # Without always() this job is skipped as soon as any needed job fails,\n    # and the result checks below would never run\n    if: always()\n    steps:\n      - name: Evaluate security results\n        run: |\n          # Collect results from all security jobs\n          CLAUDE_RESULT=\"${{ needs.claude-security-review.result }}\"\n          DEP_RESULT=\"${{ needs.dependency-scan.result }}\"\n          SECRET_RESULT=\"${{ needs.secret-scan.result }}\"\n          SAST_RESULT=\"${{ needs.sast.result }}\"\n\n          echo \"Claude Review: $CLAUDE_RESULT\"\n          echo \"Dependency Scan: $DEP_RESULT\"\n          echo \"Secret Scan: $SECRET_RESULT\"\n          echo \"SAST: $SAST_RESULT\"\n\n          # Gate rules:\n          # - Secret scan failure = BLOCK (non-negotiable)\n          # - Critical dependency vuln = BLOCK\n          # - Claude CRITICAL finding = BLOCK\n          # - SAST high finding = WARNING (require manual approval)\n\n          if [ \"$SECRET_RESULT\" = \"failure\" ]; then\n            echo \"::error::BLOCKED: Secrets detected in code\"\n            exit 1\n          fi\n\n          if [ \"$DEP_RESULT\" = \"failure\" ]; then\n            echo \"::error::BLOCKED: Critical dependency vulnerabilities\"\n            exit 1\n          fi\n\n          if [ \"$CLAUDE_RESULT\" = \"failure\" ]; then\n            echo \"::error::BLOCKED: Claude review reported CRITICAL findings\"\n            exit 1\n          fi\n\n          if [ \"$SAST_RESULT\" = \"failure\" ]; then\n            echo \"::warning::SAST reported high findings, manual approval required\"\n          fi\n\n          echo \"Security gate PASSED\"\n\n      - name: Add security label\n        if: success()\n        uses: actions\/github-script@v7\n        with:\n          script: |\n            await github.rest.issues.addLabels({\n              issue_number: context.issue.number,\n              owner: context.repo.owner,\n              repo: context.repo.repo,\n              labels: ['security-reviewed']\n            });\n\n      - name: Add blocked label\n        if: failure()\n        uses: actions\/github-script@v7\n        with:\n          script: |\n            await github.rest.issues.addLabels({\n              issue_number: context.issue.number,\n              owner: context.repo.owner,\n              repo: context.repo.repo,\n              labels: ['security-blocked']\n            });\u003c\/code\u003e\u003c\/pre\u003e\n\n\u003ch2\u003ePre-commit hooks: Block issues on the developer machine\u003c\/h2\u003e\n\u003cp\u003eThe best place to block security issues is before code is pushed, not in CI\/CD. Pre-commit hooks run on the developer's machine.\u003c\/p\u003e\n\u003cpre\u003e\u003ccode\u003e# .pre-commit-config.yaml\nrepos:\n  # Secret detection\n  - repo: https:\/\/github.com\/gitleaks\/gitleaks\n    rev: v8.18.0\n    hooks:\n      - id: gitleaks\n\n  # Linting for security patterns\n  - repo: https:\/\/github.com\/returntocorp\/semgrep\n    rev: v1.50.0\n    hooks:\n      - id: semgrep\n        args: ['--config', 'p\/owasp-top-ten', '--error']\n\n  # Check for large files (might contain secrets\/data)\n  - repo: https:\/\/github.com\/pre-commit\/pre-commit-hooks\n    rev: v4.5.0\n    hooks:\n      - id: check-added-large-files\n        args: ['--maxkb=500']\n      - id: detect-private-key\n\n# Install: pre-commit install\n# Run manually: pre-commit run --all-files\u003c\/code\u003e\u003c\/pre\u003e\n\n\u003ch2\u003eContainer Security Scanning\u003c\/h2\u003e\n\u003cp\u003eIf the application runs in Docker, the container image also needs to be scanned.
Trivy is the most widely used tool for container scanning.\u003c\/p\u003e\n\u003cpre\u003e\u003ccode\u003e# In the CI\/CD pipeline, after the image is built\nname: Container Scan\n\non:\n  push:\n    branches: [main]\n\njobs:\n  container-scan:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions\/checkout@v4\n\n      - name: Build Docker image\n        run: docker build -t myapp:${{ github.sha }} .\n\n      - name: Run Trivy vulnerability scanner\n        uses: aquasecurity\/trivy-action@master\n        with:\n          image-ref: 'myapp:${{ github.sha }}'\n          format: 'sarif'\n          output: 'trivy-results.sarif'\n          severity: 'CRITICAL,HIGH'\n\n      - name: Claude analyze Dockerfile\n        env:\n          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}\n        run: |\n          claude -p \"Review this Dockerfile for security best practices:\n\n          $(cat Dockerfile)\n\n          Check:\n          1. Running as non-root user?\n          2. Multi-stage build to minimize attack surface?\n          3. Specific image tags (not 'latest')?\n          4. No secrets in build args or environment?\n          5. Minimal base image?\n          6. Health check defined?\n          7. Read-only filesystem where possible?\n\n          Rate overall container security: A\/B\/C\/D\" \u0026gt; docker-review.txt\n          cat docker-review.txt\u003c\/code\u003e\u003c\/pre\u003e\n\n\u003ch2\u003eInfrastructure as Code Security\u003c\/h2\u003e\n\u003cp\u003eIf you use Terraform, CloudFormation, or Docker Compose, Claude Code can review the infrastructure configuration for security issues.\u003c\/p\u003e\n\u003cpre\u003e\u003ccode\u003eReview Terraform configuration cho security issues.\n\n[Dan noi dung terraform files]\n\nKiem tra:\n1. Network security:\n   - Security groups co qua mo khong? (0.0.0.0\/0 cho SSH?)\n   - VPC co private subnets cho databases khong?\n   - NAT Gateway cho outbound traffic tu private subnet?\n\n2.
Data encryption:\n   - S3 buckets co encryption at rest khong?\n   - RDS co encrypted storage khong?\n   - KMS keys co rotation policy khong?\n\n3. Access control:\n   - IAM roles co tuan thu least privilege khong?\n   - Wildcard permissions (*) o dau?\n   - Service accounts co qua nhieu quyen khong?\n\n4. Logging va monitoring:\n   - CloudTrail bat chua?\n   - VPC Flow Logs bat chua?\n   - Access logs cho load balancer?\n\n5. Backup va recovery:\n   - RDS co automated backup khong?\n   - S3 versioning bat chua?\n   - Disaster recovery plan?\n\nVoi moi finding: Severity, current config, recommended config, Terraform code fix.\u003c\/code\u003e\u003c\/pre\u003e\n\n\u003ch2\u003eSecurity Dashboard and Reporting\u003c\/h2\u003e\n\u003cp\u003eThe pipeline needs a consolidated dashboard so the team can track its security posture over time. Key metrics include: vulnerabilities found per severity each week, mean time to remediate (from detection to fix), the share of PRs blocked by the security gate, open vs. closed dependency vulnerabilities, and coverage (what percentage of code received a security review).\u003c\/p\u003e\n\u003cpre\u003e\u003ccode\u003e# Weekly security report script (run via cron or a scheduled workflow)\nname: Weekly Security Report\n\non:\n  schedule:\n    - cron: '0 9 * * 1'  # Monday 9 AM\n\njobs:\n  report:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions\/checkout@v4\n\n      - name: Collect metrics\n        env:\n          GH_TOKEN: ${{ github.token }}  # the gh CLI needs a token to query PRs\n        run: |\n          # Count vulnerabilities from last week\n          NPM_VULNS=$(npm audit --json 2\u0026gt;\/dev\/null | jq '.metadata.vulnerabilities | to_entries | map(.value) | add \/\/ 0')\n\n          # Count PRs blocked by security gate\n          BLOCKED=$(gh pr list --state closed --label \"security-blocked\" --search \"closed:\u0026gt;$(date -d '7 days ago' +%Y-%m-%d)\" | wc -l)\n\n          # Count PRs with security review\n          REVIEWED=$(gh pr list --state merged --label \"security-reviewed\" --search \"merged:\u0026gt;$(date -d '7 days ago' +%Y-%m-%d)\" | wc -l)\n\n          echo \"npm_vulns=$NPM_VULNS\" \u0026gt;\u0026gt; $GITHUB_ENV\n          echo \"blocked=$BLOCKED\" \u0026gt;\u0026gt; $GITHUB_ENV\n          echo \"reviewed=$REVIEWED\" \u0026gt;\u0026gt; $GITHUB_ENV\n\n      - name: Generate report with Claude\n        env:\n          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}\n        run: |\n          claude -p \"Tao bao cao security tuan cho team.\n\n          Metrics:\n          - Dependency vulnerabilities: ${{ env.npm_vulns }}\n          - PRs blocked: ${{ env.blocked }}\n          - PRs reviewed: ${{ env.reviewed }}\n\n          Format:\n          1. Tong quan tinh trang bao mat (1 doan)\n          2. So lieu chinh (bang)\n          3. Xu huong so voi tuan truoc\n          4. Top 3 hanh dong uu tien tuan nay\n          5.
Khen ngoi: Team member nao fix security issues nhanh nhat\" \u0026gt; report.md\n\n          cat report.md\u003c\/code\u003e\u003c\/pre\u003e\n\n\u003ch2\u003eSAST (Static Application Security Testing) with Semgrep\u003c\/h2\u003e\n\u003cp\u003eSemgrep is a lightweight, fast, and easily customizable SAST tool. Combine it with Claude to analyze the results and reduce false positives.\u003c\/p\u003e\n\u003cpre\u003e\u003ccode\u003e# .github\/workflows\/sast.yml\nname: SAST Scan\n\non:\n  pull_request:\n    paths: ['src\/**', 'api\/**', 'lib\/**']\n\njobs:\n  semgrep:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions\/checkout@v4\n\n      - name: Run Semgrep\n        # Run the CLI directly so the JSON results land in semgrep-results.json\n        # for the next step (the hosted action does not write that file)\n        run: |\n          python3 -m pip install semgrep\n          semgrep scan --config p\/owasp-top-ten --config p\/javascript --config p\/typescript --config p\/python --json --output semgrep-results.json\n\n      - name: Claude analyze SAST results\n        if: always()\n        env:\n          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}\n        run: |\n          # Semgrep outputs JSON\n          if [ -f semgrep-results.json ]; then\n            claude -p \"Phan tich ket qua SAST scan.\n\n            $(cat semgrep-results.json)\n\n            Voi moi finding:\n            1. Day la TRUE POSITIVE hay FALSE POSITIVE? Giai thich.\n            2. Neu true positive: Severity thuc te (co the khac Semgrep rating)\n            3. Fix suggestion cu the\n            4. Uu tien fix theo thu tu nao?\n\n            Tong ket: Bao nhieu true positives? Overall risk level?\" \u0026gt; sast-analysis.txt\n\n            cat sast-analysis.txt\n          fi\u003c\/code\u003e\u003c\/pre\u003e\n\n\u003ch2\u003eAutomated compliance checking\u003c\/h2\u003e\n\u003cp\u003eFor businesses in finance or healthcare, or any business that processes personal data, compliance is mandatory.
Claude checks whether code complies with regulations such as the PDPA (Vietnam's Personal Data Protection law), PCI-DSS (credit card processing), or HIPAA (healthcare).\u003c\/p\u003e\n\u003cpre\u003e\u003ccode\u003eReview code theo Nghi dinh 13\/2023 ve Bao ve Du lieu Ca nhan.\n\n[Dan code xu ly du lieu khach hang]\n\nKiem tra:\n1. Thu thap du lieu: Co thu thap nhung du lieu KHONG can thiet khong?\n2. Dong y (Consent): Co mechanism xin consent truoc khi thu thap?\n3. Luu tru: Du lieu luu o dau? Co ma hoa khong? Thoi gian luu tru?\n4. Chia se: Du lieu co bi chia se cho third-party khong? Co consent khong?\n5. Quyen truy cap: Nguoi dung co the xem, sua, xoa du lieu ca nhan?\n6. Xoa du lieu: Co mechanism xoa du lieu khi nguoi dung yeu cau?\n7. Bao mat: Du lieu nhat cam (CCCD, suc khoe) co bao ve dac biet?\n8. Data breach response: Co quy trinh xu ly khi bi lo du lieu?\n\nVoi moi vi pham: Dieu khoan cu the, muc do nghiem trong, cach fix.\u003c\/code\u003e\u003c\/pre\u003e\n\n\u003ch2\u003eBest practices for building a DevSecOps pipeline\u003c\/h2\u003e\n\u003cul\u003e\n  \u003cli\u003eStart small and expand gradually: a full pipeline from day one slows developers down. Start with secret scan + dependency check, then add Claude review and SAST.\u003c\/li\u003e\n  \u003cli\u003eDon't block everything: block only CRITICAL findings and secrets. Medium\/Low should be WARNING so developers fix them themselves; otherwise the team will find ways to bypass the pipeline.\u003c\/li\u003e\n  \u003cli\u003eFalse positive management: both Claude and SAST tools produce false positives. Build a suppress\/acknowledge mechanism so the team does not suffer alert fatigue.\u003c\/li\u003e\n  \u003cli\u003eThe security gate must be fast: a pipeline that takes more than 10 minutes will draw developer complaints. Run the scans in parallel, cache results, and scan only changed files.\u003c\/li\u003e\n  \u003cli\u003eAutomate remediation: don't just detect, suggest the fix. Claude Code can open PRs that automatically fix dependency vulnerabilities.\u003c\/li\u003e\n  \u003cli\u003eTrain the team: the pipeline is only effective when the team understands why it exists and how to read its results. Run security training every quarter.\u003c\/li\u003e\n\u003c\/ul\u003e\n\n\u003ch2\u003eOperating cost of the pipeline\u003c\/h2\u003e\n\u003cp\u003eThe cost of a DevSecOps pipeline consists of: GitHub Actions runtime (2000 free minutes\/month for public repos, $0.008\/minute for private), the Claude API for security review (on average $0.02-0.05 per PR, roughly $20-50\/month for a team of 5-10 developers), and free tools (Gitleaks, Trivy, Semgrep community). Total cost: $30-80\/month, far cheaper than a data breach that can cause billions of dong in damage.\u003c\/p\u003e\n\n\u003ch2\u003eNext steps\u003c\/h2\u003e\n\u003cp\u003eYou now know how to build a DevSecOps pipeline that integrates Claude Code into CI\/CD. The pipeline automates security review, scans dependencies, detects secrets, and enforces security gates, helping the team ship code faster while staying secure. Explore more in the \u003ca href=\"\/collections\/nang-cao\"\u003eClaude Advanced Library\u003c\/a\u003e.\u003c\/p\u003e\n","brand":"Minh Tuấn","offers":[{"title":"Default Title","offer_id":47730164039892,"sku":null,"price":0.0,"currency_code":"VND","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0821\/0264\/9044\/files\/devsecops-pipeline-tich-h_p-claude-code-security-vao-ci-cd.jpg?v=1774716328","url":"https:\/\/claude.vn\/products\/devsecops-pipeline-tich-h%e1%bb%a3p-claude-code-security-vao-ci-cd","provider":"CLAUDE.VN","version":"1.0","type":"link"}