zhongwei/gh-jeremylongshore-claude-code-plugins-plus-plugins-devops-compliance-checker
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
Zhongwei Li
2025-11-30 08:19:06 +08:00
commit 0162a5a055
11 changed files with 484 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,15 @@
{
"name": "compliance-checker",
"description": "Check infrastructure compliance (SOC2, HIPAA, PCI-DSS)",
"version": "1.0.0",
"author": {
"name": "Claude Code Plugins",
"email": "[email protected]"
},
"skills": [
"./skills"
],
"commands": [
"./commands"
]
}

3
README.md Normal file
View File

@@ -0,0 +1,3 @@
# compliance-checker
Check infrastructure compliance (SOC2, HIPAA, PCI-DSS)

25
commands/compliance-check.md Normal file
View File

@@ -0,0 +1,25 @@
---
description: $(echo "$description" | cut -d' ' -f1-5)
---
# $(echo "$name" | sed 's/-/ /g' | sed 's/\b\(.\)/\u\1/g')
$(echo "$description")
## Key Features
- Production-ready configurations
- Best practices implementation
- Security-first approach
- Scalable architecture
- Comprehensive documentation
- Multi-platform support
## Example Usage
This plugin generates complete configurations for your DevOps needs.
Specify your requirements and get production-ready code instantly.
## When Invoked
Generate configurations and setup code based on your specific requirements and infrastructure needs.

73
plugin.lock.json Normal file
View File

@@ -0,0 +1,73 @@
{
"$schema": "internal://schemas/plugin.lock.v1.json",
"pluginId": "gh:jeremylongshore/claude-code-plugins-plus:plugins/devops/compliance-checker",
"normalized": {
"repo": null,
"ref": "refs/tags/v20251128.0",
"commit": "74212c325e1570d2cd423e8de8fca016935779ca",
"treeHash": "8deb35da26729f12582ae648622299ef319ade4ad729bd7f309fba8a6d61ed3c",
"generatedAt": "2025-11-28T10:18:13.491051Z",
"toolVersion": "publish_plugins.py@0.2.0"
},
"origin": {
"remote": "git@github.com:zhongweili/42plugin-data.git",
"branch": "master",
"commit": "aa1497ed0949fd50e99e70d6324a29c5b34f9390",
"repoRoot": "/Users/zhongweili/projects/openmind/42plugin-data"
},
"manifest": {
"name": "compliance-checker",
"description": "Check infrastructure compliance (SOC2, HIPAA, PCI-DSS)",
"version": "1.0.0"
},
"content": {
"files": [
{
"path": "README.md",
"sha256": "43d1dd47ba60e7bae8e7caf8b797476cce797cf0be772fd3e83df1e889c2744d"
},
{
"path": ".claude-plugin/plugin.json",
"sha256": "7ec48db099d513a5bc94f9b5b091cdab06f6d6f3e7762df9663fd3c60fea5914"
},
{
"path": "commands/compliance-check.md",
"sha256": "353f80054a90cda1e6716da3628115ce829307fbbb83a15b64f1d37c96224a99"
},
{
"path": "skills/compliance-checker/SKILL.md",
"sha256": "265f6fa8bb13a1b74ca66086e27fdb9c5ac02a08d46a91340dd0699849a42755"
},
{
"path": "skills/compliance-checker/references/README.md",
"sha256": "02d44b947771aa63c23199ad3d44ddffef0fd0f0048081a1241478d148455728"
},
{
"path": "skills/compliance-checker/scripts/README.md",
"sha256": "e97110254437230190a7dc7569e02d06ffa2c4604301ac8491d745ffa36fdb1c"
},
{
"path": "skills/compliance-checker/assets/compliance_rules.json",
"sha256": "ada375eda27725e863ae01637ecaeccb709c0913d36fd8430388aa55df31fdec"
},
{
"path": "skills/compliance-checker/assets/example_infrastructure_config.yaml",
"sha256": "e465d17256e6d31fe8c23f81cee7ede15b98b51b165246e25f85ddbb92ff8510"
},
{
"path": "skills/compliance-checker/assets/compliance_report_template.md",
"sha256": "92a91b9882dc5eb8aca03a4c351d6ce1aef25b1defca43fb89e3667c1ca50101"
},
{
"path": "skills/compliance-checker/assets/README.md",
"sha256": "f5eb335fd239405a9262e67111bedd37a88f9baa2dce4d2c9dcb5ba03a4264c5"
}
],
"dirSha256": "8deb35da26729f12582ae648622299ef319ade4ad729bd7f309fba8a6d61ed3c"
},
"security": {
"scannedAt": null,
"scannerVersion": null,
"flags": []
}
}

52
skills/compliance-checker/SKILL.md Normal file
View File

@@ -0,0 +1,52 @@
---
name: checking-infrastructure-compliance
description: |
This skill allows Claude to check infrastructure compliance against industry standards such as SOC2, HIPAA, and PCI-DSS. It analyzes existing infrastructure configurations and reports on potential compliance violations. Use this skill when the user asks to assess compliance, identify security risks related to compliance, or generate reports on compliance status for SOC2, HIPAA, or PCI-DSS. Trigger terms include: "compliance check", "SOC2 compliance", "HIPAA compliance", "PCI-DSS compliance", "compliance report", "infrastructure compliance", "security audit", "assess compliance".
allowed-tools: Read, Write, Edit, Grep, Glob, Bash
version: 1.0.0
---
## Overview
This skill enables Claude to evaluate infrastructure configurations against common compliance frameworks. It helps identify potential vulnerabilities and gaps in compliance, providing valuable insights for remediation.
## How It Works
1. **Receiving Request**: Claude receives a user request to check infrastructure compliance.
2. **Analyzing Configuration**: Claude analyzes the infrastructure configuration based on the requested compliance standard (SOC2, HIPAA, PCI-DSS).
3. **Generating Report**: Claude generates a report highlighting potential compliance violations and areas for improvement.
## When to Use This Skill
This skill activates when you need to:
- Assess infrastructure compliance against SOC2, HIPAA, or PCI-DSS standards.
- Identify potential security risks related to compliance violations.
- Generate reports on the compliance status of your infrastructure.
## Examples
### Example 1: Assessing SOC2 Compliance
User request: "Run a SOC2 compliance check on our AWS infrastructure."
The skill will:
1. Analyze the AWS infrastructure configuration against SOC2 requirements.
2. Generate a report identifying any non-compliant configurations and recommended remediations.
### Example 2: Identifying HIPAA Compliance Issues
User request: "Check our cloud environment for HIPAA compliance violations."
The skill will:
1. Analyze the cloud environment's security settings and configurations against HIPAA regulations.
2. Provide a report outlining potential HIPAA violations and suggested corrective actions.
## Best Practices
- **Specify Standard**: Always specify the compliance standard (SOC2, HIPAA, PCI-DSS) you want to check against.
- **Provide Context**: Provide as much context as possible about your infrastructure to ensure accurate analysis.
- **Review Results**: Carefully review the generated report and implement the recommended remediations.
## Integration
This skill can be integrated with other DevOps tools and plugins to automate compliance checks and integrate compliance into the development lifecycle. For example, it can be used in conjunction with infrastructure-as-code tools to ensure compliance from the start.

7
skills/compliance-checker/assets/README.md Normal file
View File

@@ -0,0 +1,7 @@
# Assets
Bundled resources for compliance-checker skill
- [ ] compliance_report_template.md: Markdown template for generating compliance reports.
- [ ] example_infrastructure_config.yaml: Example infrastructure configuration file for demonstration purposes.
- [ ] compliance_rules.json: JSON file containing compliance rules and checks.

49
skills/compliance-checker/assets/compliance_report_template.md Normal file
View File

@@ -0,0 +1,49 @@
# Compliance Report
**Date:** `[Insert Date]`
**Prepared for:** `[Insert Client Name/Organization]`
**Prepared by:** `[Your Name/Company Name]`
**Compliance Standard:** `[SOC2, HIPAA, PCI-DSS, or other - Specify Here]`
## Executive Summary
`[Provide a brief overview of the compliance status. Highlight key findings, overall compliance level (e.g., compliant, non-compliant, partially compliant), and any immediate actions required. Keep this concise and easy to understand for non-technical stakeholders. For example: "This report assesses the compliance of [Organization Name]'s infrastructure with the SOC2 Type II standard. Overall, the infrastructure demonstrates a high level of compliance. However, [Number] minor deficiencies were identified related to [Area of Deficiency]. Remediation steps are outlined in the Recommendations section."]`
## 1. Scope
`[Clearly define the scope of the compliance assessment. What systems, applications, networks, or processes were included in the assessment? What was the period covered by the assessment? Be specific. For example: "This assessment covers all infrastructure components related to the processing, storage, and transmission of customer data, including servers, databases, network devices, and associated applications. The period covered by this assessment is January 1, 2024 to March 31, 2024."]`
## 2. Methodology
`[Describe the methodology used to conduct the compliance assessment. What standards or frameworks were used? What types of evidence were reviewed (e.g., policies, procedures, logs, configurations)? What tools were used to automate the assessment process? For example: "The compliance assessment was conducted in accordance with the [Compliance Standard] framework. Evidence was gathered through a review of policies, procedures, system configurations, log files, and vulnerability scan results. Automated compliance checks were performed using the Compliance Checker plugin."]`
## 3. Findings
### 3.1. Compliant Controls
`[List the controls that were found to be compliant. For each control, provide a brief description and justification for why it is considered compliant. Include references to specific evidence where applicable. For example: "Control 1.1: Access to sensitive data is restricted to authorized personnel. This control is compliant based on a review of access control lists and employee onboarding procedures, which demonstrate that access is granted on a least-privilege basis."]`
### 3.2. Non-Compliant Controls
`[List the controls that were found to be non-compliant. For each control, provide a detailed description of the deficiency, the potential impact, and the required remediation steps. Include references to specific evidence where applicable. For example: "Control 2.3: Regular vulnerability scans are performed on all systems. This control is non-compliant as vulnerability scans are only performed quarterly instead of monthly as required by the [Compliance Standard] framework. This increases the risk of exploitation of known vulnerabilities. Remediation steps include scheduling monthly vulnerability scans and verifying the results."]`
### 3.3. Partially Compliant Controls
`[List the controls that were found to be partially compliant. For each control, provide details on the areas where compliance is met and the areas where it is lacking. Include the potential impact and the required remediation steps. Include references to specific evidence where applicable. For example: "Control 3.4: System logs are regularly reviewed for suspicious activity. This control is partially compliant. System logs are collected and stored centrally, but the review process is not consistently documented. This increases the risk of undetected security incidents. Remediation steps include documenting the log review process and ensuring that all reviews are properly logged."]`
## 4. Recommendations
`[Provide specific and actionable recommendations for remediating the identified deficiencies. Prioritize the recommendations based on the severity of the risk. Include estimated timelines for implementation. For example: "1. Implement monthly vulnerability scans and verify the results (Priority: High, Estimated Timeline: 2 weeks). 2. Document the log review process and ensure that all reviews are properly logged (Priority: Medium, Estimated Timeline: 4 weeks). 3. [Add other recommendations here]"]`
## 5. Conclusion
`[Summarize the overall compliance status and reiterate the key findings and recommendations. Emphasize the importance of ongoing compliance monitoring and maintenance. For example: "Overall, [Organization Name]'s infrastructure demonstrates a [Compliance Level] level of compliance with the [Compliance Standard] standard. The identified deficiencies should be addressed promptly to mitigate potential risks. Ongoing compliance monitoring and maintenance are essential to ensure continued compliance and protect sensitive data."]`
## 6. Appendix
`[Include any supporting documentation, such as detailed vulnerability scan reports, policy documents, or system configuration details. This section is optional. You can also include a glossary of terms used in the report.]`
**Disclaimer:** This report is based on the information provided and the assessments conducted at the time of the assessment. Compliance status may change over time. It is the responsibility of [Client Name/Organization] to maintain ongoing compliance with the [Compliance Standard] standard.

131
skills/compliance-checker/assets/compliance_rules.json Normal file
View File

@@ -0,0 +1,131 @@
{
"_comment": "Compliance rules and checks for various standards.",
"standards": [
{
"name": "SOC2",
"version": "Type II",
"description": "SOC 2 is an auditing procedure that ensures your service providers securely manage your data to protect the interests of your organization and the privacy of its clients.",
"categories": [
{
"name": "Security",
"controls": [
{
"id": "SOC2-Security-1",
"description": "Implement multi-factor authentication (MFA) for all user accounts.",
"type": "check",
"platform": ["AWS", "Azure", "GCP"],
"remediation": "Enable MFA on all user accounts. Review access logs for unauthorized access attempts.",
"check": {
"type": "script",
"language": "python",
"code": "def check_mfa(platform):\n if platform == 'AWS':\n # AWS specific MFA check\n pass\n elif platform == 'Azure':\n # Azure specific MFA check\n pass\n elif platform == 'GCP':\n # GCP specific MFA check\n pass\n return True # Placeholder for actual check\n\ncheck_mfa('AWS')",
"success_message": "MFA is enabled for all user accounts.",
"failure_message": "MFA is not enabled for all user accounts. Remediation steps provided."
},
"tags": ["authentication", "security"]
},
{
"id": "SOC2-Security-2",
"description": "Regularly audit and review user access permissions.",
"type": "check",
"platform": ["AWS", "Azure", "GCP"],
"remediation": "Conduct a user access review and revoke unnecessary permissions. Implement a least privilege access model.",
"check": {
"type": "api",
"endpoint": "/users/permissions",
"method": "GET",
"success_condition": "all(permission['status'] == 'active' for permission in response)",
"success_message": "User access permissions are regularly audited and reviewed.",
"failure_message": "User access permissions are not regularly audited or reviewed. Remediation steps provided."
},
"tags": ["authorization", "security"]
}
]
}
]
},
{
"name": "HIPAA",
"version": "Final Rule",
"description": "HIPAA sets the standard for sensitive patient data protection. Companies that deal with protected health information (PHI) must have physical, network, and process security measures in place and follow them to ensure HIPAA Compliance.",
"categories": [
{
"name": "Administrative Safeguards",
"controls": [
{
"id": "HIPAA-Admin-1",
"description": "Implement a security awareness and training program for all employees.",
"type": "check",
"platform": ["General"],
"remediation": "Conduct regular security awareness training sessions. Document the training program and employee participation.",
"check": {
"type": "manual",
"instructions": "Verify that a security awareness and training program is in place and that all employees have completed the training.",
"success_message": "A security awareness and training program is in place and employees have completed the training.",
"failure_message": "A security awareness and training program is not in place or employees have not completed the training. Remediation steps provided."
},
"tags": ["training", "security", "administrative"]
},
{
"id": "HIPAA-Admin-2",
"description": "Conduct a risk assessment to identify potential vulnerabilities and threats.",
"type": "check",
"platform": ["General"],
"remediation": "Conduct a comprehensive risk assessment and develop a risk management plan.",
"check": {
"type": "manual",
"instructions": "Review the risk assessment documentation and verify that it addresses potential vulnerabilities and threats.",
"success_message": "A risk assessment has been conducted and a risk management plan is in place.",
"failure_message": "A risk assessment has not been conducted or a risk management plan is not in place. Remediation steps provided."
},
"tags": ["risk assessment", "security", "administrative"]
}
]
}
]
},
{
"name": "PCI-DSS",
"version": "4.0",
"description": "The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment.",
"categories": [
{
"name": "Build and Maintain a Secure Network and Systems",
"controls": [
{
"id": "PCI-DSS-Network-1",
"description": "Install and maintain a firewall configuration to protect cardholder data.",
"type": "check",
"platform": ["AWS", "Azure", "GCP"],
"remediation": "Review firewall rules and ensure that they are properly configured to protect cardholder data. Implement intrusion detection and prevention systems.",
"check": {
"type": "script",
"language": "python",
"code": "def check_firewall(platform):\n if platform == 'AWS':\n # AWS specific firewall check\n pass\n elif platform == 'Azure':\n # Azure specific firewall check\n pass\n elif platform == 'GCP':\n # GCP specific firewall check\n pass\n return True # Placeholder for actual check\n\ncheck_firewall('AWS')",
"success_message": "Firewall is properly configured to protect cardholder data.",
"failure_message": "Firewall is not properly configured to protect cardholder data. Remediation steps provided."
},
"tags": ["firewall", "network", "security"]
},
{
"id": "PCI-DSS-Network-2",
"description": "Change vendor-supplied defaults for system passwords and other security parameters.",
"type": "check",
"platform": ["AWS", "Azure", "GCP"],
"remediation": "Change all vendor-supplied defaults for system passwords and other security parameters. Implement strong password policies.",
"check": {
"type": "api",
"endpoint": "/systems/defaults",
"method": "GET",
"success_condition": "all(system['default_password_changed'] == True for system in response)",
"success_message": "Vendor-supplied defaults have been changed for system passwords and other security parameters.",
"failure_message": "Vendor-supplied defaults have not been changed for system passwords and other security parameters. Remediation steps provided."
},
"tags": ["password", "security", "defaults"]
}
]
}
]
}
]
}

114
skills/compliance-checker/assets/example_infrastructure_config.yaml Normal file
View File

@@ -0,0 +1,114 @@
# Infrastructure Configuration for Compliance Checker Plugin
# General Settings
general:
environment: production # Environment (development, staging, production)
region: us-west-2 # AWS Region (e.g., us-east-1, eu-west-1)
account_id: REPLACE_ME # AWS Account ID or equivalent for other platforms
organization_name: YOUR_VALUE_HERE # Your organization's name
contact_email: compliance@example.com # Contact email for compliance inquiries
# Compliance Standards to Check
compliance_standards:
soc2:
enabled: true # Enable SOC2 compliance check
type_i: false # Check for Type I compliance (point-in-time)
type_ii: true # Check for Type II compliance (period-of-time)
hipaa:
enabled: false # Enable HIPAA compliance check
business_associate_agreement: true # Indicates a BAA is in place
pci_dss:
enabled: false # Enable PCI DSS compliance check
cardholder_data_environment: false # Indicates a cardholder data environment exists
# Infrastructure Components to Evaluate
infrastructure:
compute:
ec2: # AWS EC2 Instances
enabled: true
instance_ids: # List of EC2 instance IDs to check. Leave empty to check all.
- REPLACE_ME #Example instance id
- YOUR_VALUE_HERE #Another example instance id
security_group_rules: # Security Group rules to enforce
ingress:
- port: 22
protocol: tcp
cidr_blocks:
- 10.0.0.0/16 # Allow SSH access from internal network. REPLACE WITH MORE SECURE RULES IN PRODUCTION.
egress:
- port: 80
protocol: tcp
cidr_blocks:
- 0.0.0.0/0 # Allow HTTP access to the internet. REPLACE WITH MORE RESTRICTIVE RULES IN PRODUCTION.
lambda: # AWS Lambda Functions
enabled: false
function_names: # List of Lambda function names to check. Leave empty to check all.
- REPLACE_ME
gcp_compute_engine: # Google Cloud Compute Engine Instances
enabled: false
instance_names: # List of Compute Engine instance names to check. Leave empty to check all.
- YOUR_VALUE_HERE
storage:
s3: # AWS S3 Buckets
enabled: true
bucket_names: # List of S3 bucket names to check. Leave empty to check all.
- REPLACE_ME
encryption_enabled: true # Require encryption at rest
public_access_blocked: true # Block public access to buckets
cloud_storage: # Google Cloud Storage Buckets
enabled: false
bucket_names: # List of Cloud Storage bucket names to check. Leave empty to check all.
- YOUR_VALUE_HERE
database:
rds: # AWS RDS Databases
enabled: true
instance_ids: # List of RDS instance IDs to check. Leave empty to check all.
- REPLACE_ME
encryption_enabled: true # Require encryption at rest
publicly_accessible: false # Ensure databases are not publicly accessible
cloud_sql: # Google Cloud SQL Instances
enabled: false
instance_names: # List of Cloud SQL instance names to check. Leave empty to check all.
- YOUR_VALUE_HERE
network:
vpc: # AWS VPCs
enabled: true
vpc_ids: # List of VPC IDs to check. Leave empty to check all.
- REPLACE_ME
flow_logs_enabled: true # Require VPC Flow Logs for auditing
virtual_network: # Google Cloud VPCs
enabled: false
network_names: # List of VPC network names to check. Leave empty to check all.
- YOUR_VALUE_HERE
# Logging and Monitoring Configuration
logging:
cloudwatch: # AWS CloudWatch
enabled: true
log_group_retention_days: 30 # Retention period for CloudWatch logs
stackdriver: # Google Cloud Stackdriver Logging
enabled: false
log_retention_days: 30 # Retention period for Stackdriver logs
# Identity and Access Management (IAM) Configuration
iam:
aws_iam: # AWS IAM
enabled: true
mfa_required: true # Require multi-factor authentication for privileged users
password_policy: # Password policy requirements
minimum_length: 14
require_symbols: true
require_numbers: true
require_uppercase: true
require_lowercase: true
password_reuse_prevention: 24 # Number of passwords to prevent reuse
google_cloud_iam: # Google Cloud IAM
enabled: false
mfa_required: true # Require multi-factor authentication for privileged users
# Reporting Configuration
reporting:
frequency: weekly # How often to generate compliance reports (daily, weekly, monthly)
report_recipients: # List of email addresses to receive compliance reports
- REPLACE_ME # Example compliance report email
output_format: pdf # Report output format (pdf, csv, json)

8
skills/compliance-checker/references/README.md Normal file
View File

@@ -0,0 +1,8 @@
# References
Bundled resources for compliance-checker skill
- [ ] soc2_controls.md: Detailed documentation of SOC2 compliance controls and how they relate to infrastructure configurations.
- [ ] hipaa_security_rule.md: Detailed documentation of HIPAA Security Rule and how it relates to infrastructure configurations.
- [ ] pci_dss_requirements.md: Detailed documentation of PCI DSS requirements and how they relate to infrastructure configurations.
- [ ] cis_benchmarks.md: Documentation on CIS Benchmarks and their relevance to infrastructure compliance.

7
skills/compliance-checker/scripts/README.md Normal file
View File

@@ -0,0 +1,7 @@
# Scripts
Bundled resources for compliance-checker skill
- [ ] compliance_scan.sh: Executes compliance checks using various tools and generates a report.
- [ ] report_formatter.py: Formats the compliance report into a user-friendly format (e.g., Markdown, JSON).
- [ ] remediation_suggestions.py: Analyzes the compliance report and suggests remediation steps for identified violations.