npx claudepluginhub jeremylongshore/claude-code-plugins-plus-skills --plugin compliance-checkerWant just this skill?
Then install: npx claudepluginhub u/[userId]/[slug]
Execute use when you need to work with compliance checking. This skill provides compliance monitoring and validation with comprehensive guidance and automation. Trigger with phrases like "check compliance", "validate policies", or "audit compliance".
This skill is limited to using the following tools:
assets/README.mdassets/compliance_report_template.mdassets/compliance_rules.jsonassets/example_infrastructure_config.yamlreferences/README.mdscripts/README.mdscripts/compliance_scan.shChecking Infrastructure Compliance
Overview
Audit infrastructure configurations against compliance frameworks (CIS Benchmarks, SOC 2, HIPAA, PCI-DSS, GDPR) using policy-as-code tools like Open Policy Agent (OPA), Checkov, and tfsec. Generate compliance reports, identify violations, and produce remediation plans for Terraform, Kubernetes, and cloud provider configurations.
Prerequisites
- Policy-as-code tool installed:
checkov,tfsec,opa, orkube-bench - Infrastructure-as-code files (Terraform, CloudFormation, Kubernetes manifests) in the project
- Cloud provider CLI authenticated with read access to resources
- Compliance framework requirements documented (CIS, SOC 2, HIPAA, PCI-DSS)
jqfor parsing JSON policy outputs
Instructions
- Identify the applicable compliance framework(s) based on industry and data classification
- Scan Terraform files with
checkov -d .ortfsec .to detect misconfigurations - Scan Kubernetes manifests for security issues: missing resource limits, privileged containers, missing network policies
- Validate IAM policies for least-privilege violations using cloud-native tools (
aws iam access-analyzer) - Check encryption at rest and in transit: verify S3 bucket encryption, database TLS, and EBS volume encryption
- Audit logging configurations: confirm CloudTrail/Cloud Audit Logs are enabled and sent to immutable storage
- Generate a compliance report mapping each finding to the relevant control (e.g., CIS AWS 2.1.1)
- Produce remediation Terraform/YAML patches for each violation with severity ranking (Critical, High, Medium, Low)
- Set up CI/CD integration so compliance checks block merges on Critical/High violations
Output
- Compliance scan results in JSON/SARIF format for CI integration
- Markdown compliance report with control mappings and pass/fail status
- Remediation code patches (Terraform diffs, Kubernetes manifest updates)
- OPA/Rego policy files for custom organizational rules
- CI/CD pipeline step configuration for automated compliance gating
Error Handling
| Error | Cause | Solution |
|---|---|---|
checkov: no Terraform files found | Scanner run from wrong directory | Specify path explicitly with -d path/to/terraform/ |
tfsec: failed to parse HCL | Syntax error in Terraform files | Run terraform validate first to fix HCL syntax before compliance scan |
False positive on compliance check | Rule too broad for the specific use case | Add inline skip comments (#checkov:skip=CKV_AWS_18:Reason) or create a .checkov.yml skip list |
OPA policy evaluation error | Rego syntax error or missing input data | Test policies with opa eval -d policy.rego -i input.json and validate Rego syntax |
Scan timeout on large codebase | Too many files or complex module references | Use --compact mode, scan directories individually, or increase timeout limits |
Examples
- "Run a CIS Benchmark compliance check against all Terraform files and generate a report with remediation steps for Critical findings."
- "Create OPA policies that enforce: all S3 buckets must have encryption, all EC2 instances must have IMDSv2, and all security groups must not allow 0.0.0.0/0 ingress."
- "Scan Kubernetes manifests for PCI-DSS compliance: verify no privileged containers, all pods have resource limits, and network policies exist for every namespace."
Resources
- Checkov: https://www.checkov.io/
- tfsec: https://aquasecurity.github.io/tfsec/
- Open Policy Agent: https://www.openpolicyagent.org/docs/latest/
- CIS Benchmarks: https://www.cisecurity.org/cis-benchmarks
- kube-bench (CIS for Kubernetes): https://github.com/aquasecurity/kube-bench
Similar Skills
Activates when the user asks about AI prompts, needs prompt templates, wants to search for prompts, or mentions prompts.chat. Use for discovering, retrieving, and improving prompts.
Search, retrieve, and install Agent Skills from the prompts.chat registry using MCP tools. Use when the user asks to find skills, browse skill catalogs, install a skill for Claude, or extend Claude's capabilities with reusable AI agent components.
Creating algorithmic art using p5.js with seeded randomness and interactive parameter exploration. Use this when users request creating art using code, generative art, algorithmic art, flow fields, or particle systems. Create original algorithmic art rather than copying existing artists' work to avoid copyright violations.