Generates security audit reports from vulnerability scans, configs, and compliance data with CVSS scoring, findings tables, remediation plans, and status matrices.
npx claudepluginhub jeremylongshore/claude-code-plugins-plus-skills --plugin security-audit-reporter

This skill is limited to using the following tools:
Aggregate vulnerability scan results, configuration analyses, and compliance assessments into a structured, auditor-ready security report. Map every finding to a CVSS severity, applicable compliance control (PCI-DSS, HIPAA, SOC 2, GDPR), and a prioritized remediation timeline.
${CLAUDE_SKILL_DIR}/security/

${CLAUDE_SKILL_DIR}/reports/

${CLAUDE_SKILL_DIR}/security/ for scanner outputs, log files, and configuration exports.

${CLAUDE_SKILL_DIR}/reports/security-audit-YYYYMMDD.md. Optionally produce JSON for Jira/ServiceNow import.

See ${CLAUDE_SKILL_DIR}/references/implementation.md for the detailed four-phase implementation workflow.
${CLAUDE_SKILL_DIR}/reports/security-audit-YYYYMMDD.md containing executive summary, detailed findings, compliance matrix, and remediation plan

| Error | Cause | Solution |
|---|---|---|
| No security scan results found | Scanner outputs missing from ${CLAUDE_SKILL_DIR}/security/ | Specify alternate data source paths or run preliminary scans with nmap -sV or trivy fs . |
| Cannot assess compliance -- requirements unavailable | Compliance framework checklist not provided | Fall back to OWASP Top 10 and CWE Top 25 as baseline; note limitation in report |
| Permission denied reading config files | Insufficient filesystem access | Request elevated permissions or provide exported configuration snapshots |
| Scan results exceed processing capacity | Thousands of findings from multiple scanners | Process in batches by severity (Critical/High first), then merge |
| Conflicting severity ratings across scanners | Different tools score the same vulnerability differently | Use CVSS 3.1 base score as canonical severity; note discrepancies in appendix |
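
The last two rows of the table (batching by severity, and using the CVSS 3.1 base score as the canonical severity) can be implemented as in the sketch below. It is an added example, not code from the plugin; the field names (`scanner`, `asset`, `vuln_id`, `scanner_severity`, `cvss31`), the "Unscored" bucket and the keep-the-highest-score rule are assumptions.

```python
from collections import defaultdict

# CVSS v3.1 qualitative rating scale: (lower bound, label), highest first.
BANDS = [(9.0, "Critical"), (7.0, "High"), (4.0, "Medium"), (0.1, "Low"), (0.0, "None")]
ORDER = ["Critical", "High", "Medium", "Low", "None", "Unscored"]

def band(score):
    """Map a CVSS 3.1 base score to its qualitative rating."""
    if score is None:
        return "Unscored"  # assumption: no base score means manual triage
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS base score out of range: {score}")
    return next(label for floor, label in BANDS if score >= floor)

def reconcile(findings):
    """Merge findings per (asset, vuln_id); return (rows, discrepancies)."""
    grouped = defaultdict(list)
    for f in findings:
        grouped[(f["asset"], f["vuln_id"])].append(f)
    rows, discrepancies = [], []
    for (asset, vuln_id), group in grouped.items():
        scores = [f["cvss31"] for f in group if f.get("cvss31") is not None]
        # Assumption: if scanners carry different base scores, keep the highest.
        score = max(scores) if scores else None
        canonical = band(score)
        rows.append({"asset": asset, "vuln_id": vuln_id, "cvss31": score,
                     "severity": canonical, "scanners": sorted(f["scanner"] for f in group)})
        for f in group:
            # A scanner label that differs from the canonical band goes to the appendix.
            if f["scanner_severity"].capitalize() != canonical:
                discrepancies.append((asset, vuln_id, f["scanner"],
                                      f["scanner_severity"], canonical))
    rows.sort(key=lambda r: (ORDER.index(r["severity"]), -(r["cvss31"] or 0.0)))
    return rows, discrepancies

# Constructed sample input; scanner names and IDs are placeholders.
SAMPLE = [
    {"scanner": "scanner-a", "asset": "web01", "vuln_id": "VULN-0001", "scanner_severity": "HIGH", "cvss31": 9.8},
    {"scanner": "scanner-b", "asset": "web01", "vuln_id": "VULN-0001", "scanner_severity": "critical", "cvss31": 9.8},
    {"scanner": "scanner-a", "asset": "db01", "vuln_id": "VULN-0002", "scanner_severity": "medium", "cvss31": 5.3},
    {"scanner": "scanner-b", "asset": "db01", "vuln_id": "VULN-0003", "scanner_severity": "low", "cvss31": None},
]

if __name__ == "__main__":
    rows, notes = reconcile(SAMPLE)
    for r in rows:
        print(r)
    for n in notes:
        print("discrepancy:", n)
```
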
${CLAUDE_SKILL_DIR}/security/."

${CLAUDE_SKILL_DIR}/references/errors.md -- full error handling reference

${CLAUDE_SKILL_DIR}/references/examples.md -- additional usage examples