Which compliance frameworks does this skill support?

The skill currently supports OpenSSF Scorecard, CII Best Practices, OWASP Top 10 (2021), and SOC2 Trust Service Criteria.

Is this skill suitable for production-grade security audits?

Yes, it is designed for production-grade validation, mapping repository configurations and code practices directly to enterprise and open-source security standards.

Does this skill help with fixing security issues?

Beyond just auditing, the skill provides specific recommendations in its JSON output to help developers address failing checks and improve their compliance grade.

How is the compliance score calculated?

Scores are calculated based on framework-specific metrics, such as the 0-10 aggregate score for OpenSSF or the tiered criteria levels for CII Best Practices.

Can it automatically determine which standard to apply to my project?

Yes, the skill includes auto-detection logic that suggests OpenSSF for public repos, SOC2 for private enterprise repos, and OWASP for web applications.

Compliance Standards

Name: Compliance Standards
Author: nsalvacao

bynsalvacao

0•

安全与测试

Automates compliance audits against industry-standard security and quality frameworks like OpenSSF, OWASP, and SOC2.

The Compliance Standards skill provides specialized validation and auditing capabilities for developers needing to meet rigorous industry requirements. It facilitates automated checks against the OpenSSF Scorecard for open-source health, CII Best Practices for repository maintenance, OWASP Top 10 for web application security, and SOC2 Trust Service Criteria for enterprise environments. By integrating directly with repository scripts, it offers real-time scoring, threshold mapping, and actionable recommendations, allowing teams to maintain a high security posture and ensure their projects remain compliant with modern security standards.

主要功能

010 GitHub stars

02SOC2 Trust Service Criteria audit for enterprise repository management

03Automated OpenSSF Scorecard evaluation with 16 comprehensive security checks

04OWASP Top 10 vulnerability mapping for web application security assessments

05Multi-level CII Best Practices Badge validation (Basic, Silver, and Gold)

06Intelligent framework auto-detection based on repository type and visibility

使用场景

01Performing a gap analysis for enterprise repositories preparing for SOC2 Type I or II certification

02Scanning web application source code for alignment with OWASP Top 10 security principles

03Auditing public open-source projects to improve OpenSSF security scores and community trust

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add nsalvacao/nsalvacao-claude-code-plugins compliance-standards

For use in Claude.ai and ChatGPT

主要功能

010 GitHub stars

02SOC2 Trust Service Criteria audit for enterprise repository management

03Automated OpenSSF Scorecard evaluation with 16 comprehensive security checks

04OWASP Top 10 vulnerability mapping for web application security assessments

05Multi-level CII Best Practices Badge validation (Basic, Silver, and Gold)

06Intelligent framework auto-detection based on repository type and visibility

使用场景

01Performing a gap analysis for enterprise repositories preparing for SOC2 Type I or II certification

02Scanning web application source code for alignment with OWASP Top 10 security principles

03Auditing public open-source projects to improve OpenSSF security scores and community trust

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add nsalvacao/nsalvacao-claude-code-plugins compliance-standards

For use in Claude.ai and ChatGPT