Does it help with Infrastructure as Code (IaC)?

Absolutely. The skill can validate compliance controls within YAML and other IaC files, checking for settings like encryption levels, password policies, and MFA requirements.

Can it detect sensitive data like secrets or PHI?

Yes, it includes specialized scanners designed to identify hardcoded credentials and Protected Health Information (PHI) within application code and log files.

Is this skill suitable for continuous integration (CI/CD)?

Yes, it is designed for both manual audits and automated integration into CI/CD pipelines to ensure continuous compliance and evidence collection.

Which regulatory frameworks does the Compliance Auditor support?

It currently supports SOC2 Type II, HIPAA, GDPR, and PCI-DSS through specialized scanning logic and control validation.

How does it rank security findings?

Findings are automatically categorized by severity—such as CRITICAL or HIGH—and mapped to specific regulatory requirements like HIPAA §164.308 or SOC2 CC6.1.

Compliance Auditor

Name: Compliance Auditor
Author: Dexploarer

byDexploarer

•

セキュリティとテスト

Automates regulatory compliance auditing and security control monitoring for SOC2, HIPAA, GDPR, and PCI-DSS standards.

概要

The Compliance Auditor skill empowers developers to integrate continuous regulatory monitoring directly into their development workflow, facilitating automated checks for complex security frameworks like SOC2, HIPAA, GDPR, and PCI-DSS. By scanning codebases for sensitive data exposure, verifying encryption protocols, and validating infrastructure-as-code controls, it helps engineering teams maintain a high security posture, prepare for formal external audits, and identify critical regulatory vulnerabilities before they reach production environments.

主な機能

Comprehensive audit report generation with severity-ranked findings
Real-time detection of hardcoded secrets and PHI exposure in logs
Automated framework scanning for SOC2, HIPAA, GDPR, and PCI-DSS
2 GitHub stars
Infrastructure-as-code (IaC) compliance validation for security controls
Continuous monitoring of encryption-at-rest and access control policies

ユースケース

Identifying and remediating PHI exposure in healthcare application logs
Running pre-audit readiness checks for SOC2 Type II certification
Validating PCI-DSS cardholder data protection standards in financial services codebases

概要

主な機能

Comprehensive audit report generation with severity-ranked findings
Real-time detection of hardcoded secrets and PHI exposure in logs
Automated framework scanning for SOC2, HIPAA, GDPR, and PCI-DSS
2 GitHub stars
Infrastructure-as-code (IaC) compliance validation for security controls
Continuous monitoring of encryption-at-rest and access control policies

ユースケース

Identifying and remediating PHI exposure in healthcare application logs
Running pre-audit readiness checks for SOC2 Type II certification
Validating PCI-DSS cardholder data protection standards in financial services codebases