sparkfinderoven-security-compliance-suite


🔒 Security & Compliance Skills Suite

Skill by ara.so — Security Skills collection.
A comprehensive security and compliance automation toolkit derived from awesome-claude-code. Provides 10 specialized commands for vulnerability scanning, compliance auditing, threat modeling, and incident response with structured output and multi-step workflows.

What This Project Does

This skill suite enables AI coding agents to perform:
  • Vulnerability Scanning: OWASP Top-10 checks, CVE dependency analysis
  • Compliance Auditing: GDPR, SOC2 Type II, ISO27001 gap analysis
  • Threat Modeling: STRIDE-based architecture security assessment
  • IAM Security: Least-privilege audits, over-permission detection
  • Incident Response: Structured playbooks for breach handling
  • Secret Detection: Pre-commit hooks with entropy scanning
All commands follow a consistent 5-step interaction pattern with visual progress tracking and prioritized action plans.

Installation

Quick Install

```bash
# Clone to Claude skills directory
mkdir -p ~/.claude/skills
cd ~/.claude/skills
git clone https://github.com/sparkfinderoven/r01-hesreallyhim-awesome-claude-code-security.git security-compliance-suite

# Register in Claude Code session
# In Claude Code:
/read ~/.claude/skills/security-compliance-suite/SKILL.md
```

Manual Setup

```bash
# Copy skill files to your project
cp -r ~/.claude/skills/security-compliance-suite/.claude-skills ./

# Or reference directly in your .claude/config.json
{ "skills": [ "~/.claude/skills/security-compliance-suite" ] }
```

Core Commands

OWASP Security Scan

Performs OWASP Top-10 vulnerability analysis with CVSS scoring.
```bash
# Scan entire codebase
/owasp-scan .

# Scan specific directory
/owasp-scan ./src/api

# With custom configuration
/owasp-scan . --exclude node_modules --severity high
```

**Output Structure**:
- SQL Injection checks (A03:2021)
- Broken Authentication (A07:2021)
- XSS vulnerabilities (A03:2021)
- CSRF protection gaps
- Security misconfiguration (A05:2021)
- CVSS scores with exploit descriptions

Dependency CVE Scanning

```bash
# Full dependency tree scan
/dep-cve --scope full

# Production dependencies only
/dep-cve --scope prod --output json

# With upgrade path suggestions
/dep-cve --fix-suggestions
```

**Checks**:
- NPM/PyPI/Maven/NuGet packages
- Direct and transitive dependencies
- Exploitability scores (EPSS)
- Available patches and upgrade paths

GDPR Compliance Audit

```bash
# Full GDPR audit
/gdpr-audit

# Specific data flow analysis
/gdpr-audit --focus data-flow

# Generate DPA checklist
/gdpr-audit --output dpa-checklist
```

**Analyzes**:
- Personal data collection points
- Consent mechanisms and gaps
- Right to erasure implementation
- Data processor agreements (DPA)
- Cross-border transfer safeguards
- Breach notification procedures

SOC2 Readiness Assessment

```bash
# Full SOC2 Type II assessment
/soc2-readiness

# Specific Trust Service Criteria
/soc2-readiness --criteria security,availability

# Gap analysis with timeline
/soc2-readiness --timeline 6-months
```

**Evaluates**:
- Security (CC6.x controls)
- Availability (A1.x controls)
- Processing Integrity
- Confidentiality
- Privacy
- Evidence collection readiness

Threat Modeling

```bash
# STRIDE threat model from architecture
/threat-model ./docs/architecture.md

# With risk matrix output
/threat-model ./design.yaml --risk-matrix

# Focus on specific components
/threat-model --components api,database,auth
```

**Generates**:
- Spoofing threats
- Tampering vectors
- Repudiation risks
- Information disclosure
- Denial of service scenarios
- Elevation of privilege paths

Penetration Test Report

```bash
# Generate structured pentest report
/pentest-report --target https://api.example.com

# From vulnerability scan results
/pentest-report --import ./scan-results.json

# With executive summary
/pentest-report --format executive
```

Secret Detection

```bash
# Setup pre-commit hook
/secret-detect --setup

# Scan codebase for secrets
/secret-detect --scan .

# Check specific files
/secret-detect ./config/production.yml
```

**Detects**:
- API keys (AWS, GitHub, Stripe)
- Private keys and certificates
- Database credentials
- OAuth tokens
- High-entropy strings

IAM Audit

```bash
# Full IAM privilege audit
/iam-audit

# Specific cloud provider
/iam-audit --provider aws

# Focus on over-permissions
/iam-audit --focus over-privileged
```

**Identifies**:
- Over-permissioned roles
- Stale access (unused >90 days)
- MFA gaps
- Service account issues
- Cross-account access risks
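The first three checks in that list, written out as an added example (this is not the suite's own code). It assumes a constructed principal inventory in a simplified IAM-policy shape and a fixed audit time so the result is reproducible; the 90-day stale cutoff is the one the page states.

```python
from datetime import datetime, timedelta, timezone

# "Stale access (unused >90 days)" is the cutoff the IAM audit reports on
STALE_AFTER = timedelta(days=90)


def _as_list(value):
    """IAM policy fields may be a single string or a list; normalise to a list."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def is_over_permissioned(policy):
    """True if an Allow statement grants a wildcard action ("*" or a
    service-wide "ecr:*") or applies to every resource ("*")."""
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        wildcard_action = any(a == "*" or a.endswith(":*") for a in actions)
        wildcard_resource = "*" in resources
        if wildcard_action or wildcard_resource:
            return True
    return False


def audit_principals(principals, now):
    """Return (principal, issue) pairs for over-permission, stale access
    and MFA gaps. `now` is passed in rather than read from the clock so
    the same inventory always yields the same findings."""
    findings = []
    for p in principals:
        if is_over_permissioned(p["policy"]):
            findings.append((p["name"], "over-permissioned"))
        last_used = p.get("last_used")
        if last_used is None or now - last_used > STALE_AFTER:
            findings.append((p["name"], "stale-access"))
        if p["type"] == "user" and not p.get("mfa_enabled", False):
            findings.append((p["name"], "mfa-missing"))
    return findings


def summarize(findings):
    """Count findings per issue type, the shape a dashboard or report consumes."""
    counts = {}
    for _, issue in findings:
        counts[issue] = counts.get(issue, 0) + 1
    return counts


# Constructed inventory (not from a real account); the account id is the
# AWS documentation placeholder 123456789012.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
PRINCIPALS = [
    {   # scoped to one bucket and used recently: nothing to report
        "name": "deploy-role", "type": "role",
        "last_used": NOW - timedelta(days=3),
        "policy": {"Statement": [{"Effect": "Allow", "Action": "s3:GetObject",
                                  "Resource": "arn:aws:s3:::deploy-bucket/*"}]},
    },
    {   # full admin and untouched since October: two findings
        "name": "legacy-admin", "type": "role",
        "last_used": datetime(2023, 10, 1, tzinfo=timezone.utc),
        "policy": {"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]},
    },
    {   # least-privilege policy, but a human account without MFA
        "name": "alice", "type": "user", "mfa_enabled": False,
        "last_used": NOW - timedelta(days=10),
        "policy": {"Statement": [{"Effect": "Allow", "Action": ["s3:ListBucket"],
                                  "Resource": "arn:aws:s3:::reports-bucket"}]},
    },
    {   # service-style role with a service-wide wildcard ("ecr:*")
        "name": "ci-bot", "type": "role",
        "last_used": NOW - timedelta(days=1),
        "policy": {"Statement": [{"Effect": "Allow", "Action": "ecr:*",
                                  "Resource": "arn:aws:ecr:eu-west-1:123456789012:repository/app"}]},
    },
]


if __name__ == "__main__":
    results = audit_principals(PRINCIPALS, NOW)
    for name, issue in results:
        print(f"{name}: {issue}")
    print(summarize(results))
```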

Incident Response Playbook

```bash
# Generate incident playbook
/incident-playbook --type data-breach

# For specific scenario
/incident-playbook --scenario "SQL injection exploit"

# With team assignments
/incident-playbook --assign-roles
```

**Phases**:
1. Triage & Detection
2. Containment
3. Eradication
4. Recovery
5. Lessons Learned

Privacy Policy Generator

```bash
# Generate GDPR/CCPA policy
/privacy-policy --regions eu,us

# From data inventory
/privacy-policy --inventory ./data-map.json

# With specific clauses
/privacy-policy --include cookies,analytics,marketing
```

Workflows

Secure SDLC Workflow

End-to-end security integration in development lifecycle.
```bash
# Full secure SDLC workflow
/workflows:secure-sdlc --target ./src

# Specific phases
/workflows:secure-sdlc --phases threat-model,code-scan,dast
```

**Steps**:
1. Threat model design review
2. Static code analysis (SAST)
3. Dynamic testing (DAST)
4. Penetration testing
5. Security sign-off

Breach Response Workflow

```bash
# Data breach response workflow
/workflows:breach-response --incident "Customer data exposure"

# With specific scope
/workflows:breach-response --scope "database_users table" --severity high
```

**Process**:
1. Detection & initial assessment
2. Impact analysis & legal review
3. Notification (GDPR 72h requirement)
4. Remediation & containment
5. Post-mortem & improvements

Compliance Audit Workflow

```bash
# Full compliance audit
/workflows:compliance-audit --standards gdpr,soc2,iso27001

# Gap analysis only
/workflows:compliance-audit --mode gap-analysis --output report.pdf
```

Zero Trust Design Workflow

```bash
# Zero trust architecture design
/workflows:zero-trust-design --scope "API infrastructure"

# Specific layers
/workflows:zero-trust-design --layers identity,network,workload
```

**Layers**:
1. Identity (authentication, authorization)
2. Network (segmentation, encryption)
3. Workload (container security, least privilege)
4. Data (encryption, DLP)

Vendor Security Assessment

```bash
# Third-party vendor assessment
/workflows:vendor-security --vendor "Acme SaaS Provider"

# With questionnaire
/workflows:vendor-security --questionnaire vsaq --risk-threshold medium
```

Configuration

Command Options

All commands support these common flags:
```bash
--output <format>    # json, md, html, pdf
--severity <level>   # critical, high, medium, low
--exclude <paths>    # Comma-separated exclusion patterns
--verbose            # Detailed logging
--quiet              # Minimal output
```

Custom Configuration File

Create `.security-suite.yaml` in project root:

```yaml
# .security-suite.yaml
scan:
  exclude_paths:
    - node_modules/
    - vendor/
    - test/fixtures/
  severity_threshold: medium

owasp:
  enabled_checks:
    - sql_injection
    - xss
    - csrf
    - auth
  custom_rules: ./security-rules.yaml

cve:
  sources:
    - nvd
    - github-advisory
    - snyk
  ignore_dev_dependencies: true

gdpr:
  data_residency: eu-west-1
  dpo_contact: ${DPO_EMAIL}
  representative_contact: ${EU_REP_EMAIL}

soc2:
  target_readiness: 6-months
  auditor: ${AUDITOR_FIRM}

notifications:
  slack_webhook: ${SLACK_WEBHOOK_URL}
  email: ${SECURITY_EMAIL}
  pagerduty_key: ${PAGERDUTY_KEY}
```

Environment Variables

```bash
# Required for external integrations
export SLACK_WEBHOOK_URL="https://hooks.slack.com/services/..."
export SECURITY_EMAIL="security@company.com"
export DPO_EMAIL="dpo@company.com"

# Cloud provider credentials for IAM audit
export AWS_PROFILE="security-audit"
export AZURE_SUBSCRIPTION_ID="..."
export GCP_PROJECT_ID="..."

# Optional: CVE database API keys
export NVD_API_KEY="..."
export SNYK_TOKEN="..."
```

Code Examples

Integrating OWASP Scan in CI/CD

```yaml
# .github/workflows/security.yml
name: Security Scan
on: [push, pull_request]

jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3

      - name: Install Security Suite
        run: |
          git clone https://github.com/sparkfinderoven/r01-hesreallyhim-awesome-claude-code-security.git
          echo "SUITE_PATH=$(pwd)/r01-hesreallyhim-awesome-claude-code-security" >> "$GITHUB_ENV"

      - name: Run OWASP Scan
        run: |
          "${SUITE_PATH}/bin/owasp-scan" . --output json --severity high > scan-results.json

      - name: Check for Critical Issues
        run: |
          # Fail the build when any finding is rated critical
          CRITICAL=$(jq '[.findings[] | select(.severity=="critical")] | length' scan-results.json)
          if [ "$CRITICAL" -gt 0 ]; then
            echo "Found $CRITICAL critical vulnerabilities"
            exit 1
          fi

      - name: Upload Results
        uses: actions/upload-artifact@v3
        with:
          name: security-scan
          path: scan-results.json
```

Pre-commit Hook for Secret Detection

```bash
#!/bin/bash
# .git/hooks/pre-commit

SUITE_PATH="$HOME/.claude/skills/security-compliance-suite"

echo "🔍 Scanning for secrets..."
if ! "${SUITE_PATH}/bin/secret-detect" --scan --staged; then
  echo "❌ Secret detected! Commit blocked."
  echo "Run: /secret-detect --help for remediation"
  exit 1
fi

echo "✓ No secrets detected"
exit 0
```

Automated Compliance Reporting

```python
# compliance_report.py
import json
import os
import subprocess
from datetime import datetime

# subprocess does not expand "~", so resolve the suite path up front
SUITE_BIN = os.path.expanduser("~/.claude/skills/security-compliance-suite/bin")


def run_compliance_audit(standards=("gdpr", "soc2")):
    """Run compliance audit and generate report"""
    results = {}
    for standard in standards:
        cmd = [
            os.path.join(SUITE_BIN, "compliance-audit"),
            f"--standard={standard}",
            "--output=json",
        ]
        output = subprocess.check_output(cmd, text=True)
        results[standard] = json.loads(output)

    # Generate consolidated report
    report = {
        "timestamp": datetime.utcnow().isoformat(),
        "standards": results,
        "overall_score": calculate_compliance_score(results),
    }

    with open("compliance-report.json", "w") as f:
        json.dump(report, f, indent=2)

    return report


def calculate_compliance_score(results):
    """Calculate overall compliance percentage"""
    total_controls = 0
    passed_controls = 0
    for standard, data in results.items():
        total_controls += data["total_controls"]
        passed_controls += data["passed_controls"]
    return (passed_controls / total_controls * 100) if total_controls > 0 else 0


if __name__ == "__main__":
    report = run_compliance_audit()
    print(f"Overall Compliance: {report['overall_score']:.1f}%")
```

Threat Modeling from Architecture

```javascript
// threat-model-integration.js
const { execFileSync } = require('child_process');
const os = require('os');
const path = require('path');

const SUITE_BIN = path.join(os.homedir(), '.claude', 'skills', 'security-compliance-suite', 'bin');

async function generateThreatModel(architectureFile) {
  try {
    // execFileSync passes arguments directly (no shell), so a file name
    // containing shell metacharacters cannot alter the command
    const output = execFileSync(
      path.join(SUITE_BIN, 'threat-model'),
      [architectureFile, '--output', 'json'],
      { encoding: 'utf-8' }
    );
    const threatModel = JSON.parse(output);

    // Filter high-risk threats
    const highRisk = threatModel.threats.filter(t => t.risk_score >= 7.0);

    // Generate Jira tickets for high-risk threats
    for (const threat of highRisk) {
      await createSecurityTicket({
        title: `[SECURITY] ${threat.category}: ${threat.title}`,
        description: threat.description,
        severity: threat.severity,
        mitigation: threat.recommended_mitigations
      });
    }

    return threatModel;
  } catch (error) {
    console.error('Threat modeling failed:', error.message);
    throw error;
  }
}

async function createSecurityTicket(threat) {
  // Integration with issue tracker
  console.log(`Creating ticket for: ${threat.title}`);
  // Implementation depends on your issue tracker
}

module.exports = { generateThreatModel };
```

Common Patterns

Daily Security Dashboard

```bash
#!/bin/bash
# daily-security-check.sh

echo "🔒 Daily Security Dashboard - $(date)"
echo "========================================"

# 1. Quick vulnerability scan
# (printf is used because plain echo does not interpret "\n")
printf '\n📊 Vulnerability Scan\n'
/owasp-scan . --quick --severity high | grep -E "(🔴|🟠)"

# 2. Check for new CVEs
printf '\n🚨 New CVEs in Dependencies\n'
/dep-cve --new-only --output table

# 3. IAM changes
printf '\n👤 IAM Changes (last 24h)\n'
/iam-audit --since 24h --changes-only

# 4. Secret detection on recent commits
printf '\n🔑 Secret Scan (recent commits)\n'
git diff HEAD~5..HEAD | /secret-detect --stdin

printf '\n✓ Daily check complete\n'
```

Compliance Evidence Collection

```bash
#!/bin/bash
# collect-compliance-evidence.sh

EVIDENCE_DIR="./compliance-evidence/$(date +%Y-%m-%d)"
mkdir -p "$EVIDENCE_DIR"

# Collect SOC2 evidence
/soc2-readiness --output json > "$EVIDENCE_DIR/soc2-assessment.json"

# GDPR data flows
/gdpr-audit --focus data-flow --output pdf > "$EVIDENCE_DIR/gdpr-data-flows.pdf"

# Access logs audit
/iam-audit --export-logs > "$EVIDENCE_DIR/iam-audit-logs.json"

# System configurations
/security-config-export > "$EVIDENCE_DIR/security-configs.yaml"

echo "Evidence collected in: $EVIDENCE_DIR"
```

Incident Response Automation

```python
# incident_response.py
import os
import subprocess
from datetime import datetime

# subprocess does not expand "~", so resolve the suite path up front
SUITE_BIN = os.path.expanduser("~/.claude/skills/security-compliance-suite/bin")


def initiate_incident_response(incident_type, severity, description):
    """Automated incident response workflow"""
    timestamp = datetime.utcnow().isoformat()
    incident_id = f"INC-{timestamp.replace(':', '').replace('-', '')}"

    # 1. Generate playbook
    subprocess.run([
        os.path.join(SUITE_BIN, "incident-playbook"),
        f"--type={incident_type}",
        f"--id={incident_id}",
        f"--severity={severity}",
    ], check=True)

    # 2. Notify team
    notify_security_team(incident_id, severity, description)

    # 3. Trigger containment if critical
    if severity == "critical":
        trigger_containment_measures(incident_id)

    # 4. Start evidence collection
    collect_forensic_evidence(incident_id)

    return incident_id


def notify_security_team(incident_id, severity, description):
    """Send notifications via configured channels"""
    webhook = os.getenv("SLACK_WEBHOOK_URL")
    if webhook:
        # Send Slack notification
        pass


def trigger_containment_measures(incident_id):
    """Automated containment for critical incidents"""
    # Rotate credentials, block IPs, etc.
    pass


def collect_forensic_evidence(incident_id):
    """Collect logs and system state"""
    subprocess.run([
        os.path.join(SUITE_BIN, "forensic-collect"),
        f"--incident={incident_id}",
    ], check=True)
```

Troubleshooting

Command Not Found

```bash
# Ensure binary is executable
chmod +x ~/.claude/skills/security-compliance-suite/bin/*

# Add to PATH
export PATH="$PATH:$HOME/.claude/skills/security-compliance-suite/bin"
```

Permission Denied on IAM Audit

```bash
# Verify cloud provider credentials
aws sts get-caller-identity   # For AWS
az account show               # For Azure
gcloud auth list              # For GCP

# Grant required permissions (AWS example)
# Attach SecurityAudit managed policy to your role
```

CVE Scan Timeouts

```bash
# Reduce scope to production dependencies only
/dep-cve --scope prod

# Or scan in batches
/dep-cve --scope prod --batch-size 50

# Cache CVE database locally
export CVE_CACHE_DIR="$HOME/.cache/cve-db"
/dep-cve --use-cache
```

GDPR Audit Missing Data Sources

```yaml
# .security-suite.yaml
gdpr:
  data_sources:
    - type: database
      connection: ${DATABASE_URL}
    - type: api
      endpoint: https://api.example.com
      auth: ${API_KEY}
    - type: file
      path: ./user-data/
```

False Positives in Secret Detection

```yaml
# .secret-detect.yaml
ignore_patterns:
  - "test/fixtures/*"
  - "docs/examples/*"
false_positive_hashes:
  - "abc123..."  # Example API key hash
custom_entropy_threshold: 4.5  # Increase to reduce false positives
```
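What the three tuning knobs above do to an entropy scan, and how the "High-entropy strings" check from the Secret Detection command works, as an added example (not the suite's own scanner). It assumes a constructed in-memory repository, a 16-character minimum token length, and that `false_positive_hashes` holds the SHA-256 of an allow-listed string; the two sample tokens are built so one scores exactly 5.0 bits and the other log2(20), between the default 4.0 and the tuned 4.5 threshold.

```python
import hashlib
import math
import re
from fnmatch import fnmatch

# Candidate tokens: runs of 16+ key-like characters (the cutoff is an assumption)
TOKEN_RE = re.compile(r"[A-Za-z0-9+/=_\-]{16,}")


def shannon_entropy(s):
    """Bits per character; a string of n distinct characters scores log2(n)."""
    if not s:
        return 0.0
    n = len(s)
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_files(files, config):
    """Entropy scan over an in-memory {path: content} map.

    config mirrors the .secret-detect.yaml keys: ignore_patterns (glob on the
    path), false_positive_hashes (sha256 of a reviewed token) and
    custom_entropy_threshold (bits per character).
    """
    threshold = config.get("custom_entropy_threshold", 4.0)
    ignore = config.get("ignore_patterns", [])
    allowlisted = set(config.get("false_positive_hashes", []))
    findings = []
    for path, content in files.items():
        if any(fnmatch(path, pat) for pat in ignore):
            continue
        for lineno, line in enumerate(content.splitlines(), 1):
            for token in TOKEN_RE.findall(line):
                entropy = shannon_entropy(token)
                if entropy < threshold:
                    continue
                if hashlib.sha256(token.encode()).hexdigest() in allowlisted:
                    continue
                findings.append({
                    "path": path,
                    "line": lineno,
                    "entropy": round(entropy, 2),
                    # never echo the full candidate secret into logs or reports
                    "token": token[:4] + "..." + token[-4:],
                })
    return findings


def flagged_paths(files, config):
    """Paths with at least one finding, in scan order."""
    return [f["path"] for f in scan_files(files, config)]


# Constructed repository snapshot (no real credentials):
# - the 32-distinct-character password scores exactly 5.0 bits
# - the 20-distinct-character salt scores log2(20) = 4.32 bits
# - the fixture copy is excluded by ignore_patterns
# - the readme token is low-entropy English and is never flagged
SAMPLE_FILES = {
    "config/production.yml": "db_password: mZ8qL2vX9pR4tW7yB3nK6dF1hJ5sG0cQ\nregion: eu-west-1\n",
    "src/app.py": "SESSION_SALT = 'Kx7mP2qL9nT4vB8cR1wZ'\n",
    "test/fixtures/keys.txt": "api_key: mZ8qL2vX9pR4tW7yB3nK6dF1hJ5sG0cQ\n",
    "docs/readme.md": "example token: ExampleTokenExample\n",
}

BASE_CONFIG = {
    "ignore_patterns": ["test/fixtures/*", "docs/examples/*"],
    "false_positive_hashes": [],
    "custom_entropy_threshold": 4.0,
}
# Option 1 from the troubleshooting entry: raise the threshold for everything
TUNED_CONFIG = {**BASE_CONFIG, "custom_entropy_threshold": 4.5}
# Option 2: allow-list the one reviewed string by hash and keep the lower bar
ALLOWLIST_CONFIG = {
    **BASE_CONFIG,
    "false_positive_hashes": [hashlib.sha256(b"Kx7mP2qL9nT4vB8cR1wZ").hexdigest()],
}


if __name__ == "__main__":
    for name, cfg in [("base", BASE_CONFIG), ("tuned", TUNED_CONFIG), ("allowlist", ALLOWLIST_CONFIG)]:
        print(name, scan_files(SAMPLE_FILES, cfg))
```

Raising the threshold silences every token between 4.0 and 4.5 bits across the whole tree, while the hash allow-list silences exactly one reviewed value; the second is the safer default when the noise comes from a handful of known strings.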

Report Generation Fails

```bash
# Install report dependencies
pip install jinja2 weasyprint   # For PDF reports
npm install -g marked           # For Markdown processing

# Or use JSON output and convert separately
/owasp-scan . --output json | jq '.' > report.json
```

Workflow Timeout

```bash
# Increase timeout for long-running workflows
/workflows:secure-sdlc --timeout 3600   # 1 hour

# Or run phases separately
/workflows:secure-sdlc --phase threat-model
/workflows:secure-sdlc --phase code-scan --resume
```

Integration Examples

Slack Notifications

```bash
# Send scan results to Slack
/owasp-scan . --output json |
  jq '.summary' |
  curl -X POST "${SLACK_WEBHOOK_URL}" \
    -H 'Content-Type: application/json' \
    -d @-
```

Jira Ticket Creation

```bash
# Create Jira tickets for high-severity findings
# jq builds each request body as JSON and curl posts it as data, so finding
# text (titles, descriptions) is never assembled into a shell command string
/owasp-scan . --output json |
  jq -c '.findings[]
         | select(.severity=="high")
         | {fields: {project: {key: "SEC"},
                     summary: .title,
                     description: .description,
                     issuetype: {name: "Security"}}}' |
  while IFS= read -r payload; do
    curl -X POST "${JIRA_API_URL}/issue" \
      -H "Authorization: Bearer ${JIRA_TOKEN}" \
      -H 'Content-Type: application/json' \
      -d "$payload"
  done
```

Continuous Monitoring

```bash
# Cron job for daily scans
# /etc/cron.d/security-scan
# (files under /etc/cron.d take a user field between the schedule and the command)
0 2 * * * user /home/user/.claude/skills/security-compliance-suite/bin/daily-security-check.sh >> /var/log/security-scan.log 2>&1
```

Best Practices

  1. Run scans in CI/CD: Fail builds on critical/high severity issues
  2. Schedule regular audits: Weekly OWASP, monthly compliance checks
  3. Automate evidence collection: For SOC2/ISO27001 audits
  4. Version control playbooks: Track incident response improvements
  5. Use environment variables: Never commit credentials
  6. Test workflows in staging: Before production deployment
  7. Review false positives: Tune detection rules regularly
  8. Document exceptions: Maintain risk acceptance log

Related Skills
