Does it support modern frameworks like JWT and OAuth?

Yes, it includes built-in search patterns for JWT, OAuth, OIDC, and common Node.js security libraries like Passport and Bcrypt.

How does tm-verify find security controls?

It uses advanced Grep patterns to search for known implementation signatures of authentication, authorization, cryptography, and input validation libraries and decorators.

What happens if a control is only partially implemented?

The skill marks the control as 'partial' and generates a specific gap report detailing what is missing compared to the expected security standard.

Can I use this without a threat model?

It is designed to work as part of the threat-modeling-toolkit; you should run the /tm-threats command first to generate the necessary threat baseline.

Security Control Verifier

Name: Security Control Verifier
Author: josemlopez

byjosemlopez

보안 및 테스팅

Verifies the implementation of security controls within your codebase against documented threat models to identify gaps and ensure compliance.

소개

The tm-verify skill automates the critical validation phase of the threat modeling lifecycle by mapping high-level security requirements to actual source code implementations. By performing deep analysis using specialized search patterns for authentication, authorization, cryptography, and input validation, it provides developers with actionable insights through detailed gap analysis reports and structured JSON evidence. This tool is essential for security engineers and developers looking to ensure that mitigations identified during the design phase are correctly realized in the code, facilitating continuous security verification and audit readiness.

주요 기능

Detailed visual reporting with ASCII status bars and severity-based gap details
Support for multi-framework mapping including STRIDE and PASTA
0 GitHub stars
Comprehensive gap analysis comparing expected mitigations vs. actual code
Automated discovery of security controls using domain-specific Grep patterns
Evidence collection including file paths and line numbers for audit trails

사용 사례

Generating compliance evidence for security controls across large software projects
Validating that design-phase threat mitigations are correctly implemented in the codebase
Conducting automated security audits to identify missing authentication or authorization checks

소개

주요 기능

Detailed visual reporting with ASCII status bars and severity-based gap details
Support for multi-framework mapping including STRIDE and PASTA
0 GitHub stars
Comprehensive gap analysis comparing expected mitigations vs. actual code
Automated discovery of security controls using domain-specific Grep patterns
Evidence collection including file paths and line numbers for audit trails

사용 사례

Generating compliance evidence for security controls across large software projects
Validating that design-phase threat mitigations are correctly implemented in the codebase
Conducting automated security audits to identify missing authentication or authorization checks