commit e854884f3a6cb7385694fdefecc34e3bd2b5a906 Author: Zhongwei Li Date: Sun Nov 30 08:22:27 2025 +0800 Initial commit
diff --git a/.claude-plugin/plugin.json b/.claude-plugin/plugin.json
new file mode 100644
index 0000000..7605659
--- /dev/null
+++ b/.claude-plugin/plugin.json
@@ -0,0 +1,15 @@
+{
+ "name": "security-audit-reporter",
+ "description": "Generate comprehensive security audit reports",
+ "version": "1.0.0",
+ "author": {
+ "name": "Jeremy Longshore",
+ "email": "[email protected]"
+ },
+ "skills": [
+ "./skills"
+ ],
+ "commands": [
+ "./commands"
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..5fb8dd7
--- /dev/null
+++ b/README.md
@@ -0,0 +1,3 @@
+# security-audit-reporter
+
+Generate comprehensive security audit reports
diff --git a/commands/audit-report.md b/commands/audit-report.md
new file mode 100644
index 0000000..0826ddc
--- /dev/null
+++ b/commands/audit-report.md
@@ -0,0 +1,68 @@
+---
+description: Generate comprehensive security audit report
+shortcut: auditreport
+---
+
+# Security Audit Reporter
+
+Generate comprehensive security audit reports covering vulnerabilities, compliance status, and remediation roadmap.
+
+## Report Components
+
+1. **Executive Summary**
+ - Overall security posture
+ - Critical findings count
+ - Risk score and trend analysis
+ - Business impact assessment
+
+2. **Vulnerability Assessment**
+ - All identified vulnerabilities
+ - CVSS scores and severity ratings
+ - Affected systems and components
+ - Exploitation likelihood
+
+3. **Compliance Status**
+ - OWASP Top 10 coverage
+ - Regulatory compliance (GDPR, HIPAA, PCI-DSS, SOC2)
+ - Industry standards adherence
+ - Gap analysis
+
+4. **Security Controls**
+ - Authentication mechanisms
+ - Authorization controls
+ - Encryption implementation
+ - Logging and monitoring
+ - Incident response readiness
+
+5. **Remediation Roadmap**
+ - Prioritized fix list
+ - Effort estimates
+ - Implementation timeline
+ - Resource requirements
+
+## Report Formats
+
+- **PDF** - Executive presentations
+- **HTML** - Interactive dashboards
+- **JSON** - Automated processing
+- **Markdown** - Documentation
+
+## Audit Scope
+
+The audit covers:
+- Application security
+- Infrastructure security
+- Network security
+- Data security
+- Access control
+- Compliance requirements
+- Security policies
+- Incident response procedures
+
+## Best Practices
+
+- Run quarterly security audits
+- Track remediation progress
+- Share with stakeholders
+- Maintain audit history
+- Update security policies based on findings
diff --git a/plugin.lock.json b/plugin.lock.json
new file mode 100644
index 0000000..7b9bfdc
--- /dev/null
+++ b/plugin.lock.json
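Review bot: The command text under `## Report Components` asks for "All identified vulnerabilities", CVSS scores and a compliance status, but nowhere states what input the report is built from, so a run with little or no data can still produce a complete-looking audit. I would add a short section that names the expected inputs and requires every finding to cite its source, for example `- Base every finding on supplied scan output or files read during the run; mark any section without evidence as "Not assessed"`. The same gap applies to the `## How It Works` steps in skills/security-audit-reporter/SKILL.md, where "Claude gathers data from various security tools and sources" names no tool or source. A line stating who has authorised the audit scope listed under `## Audit Scope` would also help readers judge how far the report can be relied on.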
@@ -0,0 +1,61 @@ +{ + "$schema": "internal://schemas/plugin.lock.v1.json", + "pluginId": "gh:jeremylongshore/claude-code-plugins-plus:plugins/security/security-audit-reporter", + "normalized": { + "repo": null, + "ref": "refs/tags/v20251128.0", + "commit": "8e2f27b24442a728f8c6c3b541377f9f0185c99a", + "treeHash": "9e645b02311de436f9788147620e7bc72d1193a143c6723fb6023f48869a1134", + "generatedAt": "2025-11-28T10:18:43.779349Z", + "toolVersion": "publish_plugins.py@0.2.0" + }, + "origin": { + "remote": "git@github.com:zhongweili/42plugin-data.git", + "branch": "master", + "commit": "aa1497ed0949fd50e99e70d6324a29c5b34f9390", + "repoRoot": "/Users/zhongweili/projects/openmind/42plugin-data" + }, + "manifest": { + "name": "security-audit-reporter", + "description": "Generate comprehensive security audit reports", + "version": "1.0.0" + }, + "content": { + "files": [ + { + "path": "README.md", + "sha256": "75783006fc3138091a966b5e44c05c4e7e3c180eaa8d5926a45ffd2b0bba3332" + }, + { + "path": ".claude-plugin/plugin.json", + "sha256": "a6b53d14e88e5cb2a35c9af03969fdb84fc0d8bfe3edd3ee0e78765f519f7712" + }, + { + "path": "commands/audit-report.md", + "sha256": "4e7ef30de9aa62d198fea0be1619ee740e5f0463d370e577c87f1e2bf09b4d72" + }, + { + "path": "skills/security-audit-reporter/SKILL.md", + "sha256": "bf8eaed072bf60a8c992fbca40b90eb9237c665411b9e408d6215238443c7a9d" + }, + { + "path": "skills/security-audit-reporter/references/README.md", + "sha256": "9511a40851cfa369141de2dd3c0d790b6f5790025307cf6f664f4fd4b08cd415" + }, + { + "path": "skills/security-audit-reporter/scripts/README.md", + "sha256": "a4bfcdb6efef41976c903635da437d0b3c8c160f8424e392b17dc34c64ef3908" + }, + { + "path": "skills/security-audit-reporter/assets/README.md", + "sha256": "26eae2fbe092782479f769758f96f2a110e06846c2aeb050072cfb26d99988c0" + } + ], + "dirSha256": "9e645b02311de436f9788147620e7bc72d1193a143c6723fb6023f48869a1134" + }, + "security": { + "scannedAt": null, + "scannerVersion": null, + "flags": 
[] + } +} \ No newline at end of file diff --git a/skills/security-audit-reporter/SKILL.md b/skills/security-audit-reporter/SKILL.md new file mode 100644 index 0000000..a6be4fe --- /dev/null +++ b/skills/security-audit-reporter/SKILL.md 
@@ -0,0 +1,52 @@
+---
+name: generating-security-audit-reports
+description: |
+ This skill enables Claude to generate comprehensive security audit reports. It is designed to provide insights into an application or system's security posture, compliance status, and recommended remediation steps. Use this skill when the user requests a "security audit report", wants to "audit security", or needs a "vulnerability assessment report". The skill analyzes security data and produces a detailed report in various formats. It is best used to identify vulnerabilities, track compliance, and create remediation roadmaps. The skill can be activated via the command `/audit-report` or its shortcut `/auditreport`.
+allowed-tools: Read, Write, Edit, Grep, Glob, Bash
+version: 1.0.0
+---
+
+## Overview
+
+This skill allows Claude to create detailed security audit reports. It analyzes existing security data, identifies vulnerabilities, assesses compliance with industry standards, and suggests remediation steps. The generated reports can be used to improve an organization's security posture and meet compliance requirements.
+
+## How It Works
+
+1. **Data Collection**: Claude gathers data from various security tools and sources.
+2. **Analysis**: The plugin analyzes the collected data to identify vulnerabilities and compliance issues.
+3. **Report Generation**: Claude compiles the findings into a comprehensive security audit report, including an executive summary, vulnerability details, compliance status, and remediation recommendations.
+
+## When to Use This Skill
+
+This skill activates when you need to:
+- Generate a comprehensive security audit report.
+- Assess the security posture of an application or system.
+- Identify vulnerabilities and compliance issues.
+
+## Examples
+
+### Example 1: Security Posture Assessment
+
+User request: "Create a security audit report for our web application."
+
+The skill will:
+1. Analyze the web application's security data.
+2. Generate a report outlining vulnerabilities, compliance status, and remediation recommendations.
+
+### Example 2: Compliance Audit
+
+User request: "/auditreport for PCI-DSS compliance"
+
+The skill will:
+1. Analyze the current system configurations and security measures.
+2. Generate a report focused on PCI-DSS compliance, highlighting areas of non-compliance and recommended actions.
+
+## Best Practices
+
+- **Clarity**: Provide specific details about the system or application you want to audit.
+- **Context**: Mention any relevant compliance standards (e.g., PCI-DSS, GDPR, HIPAA) to focus the audit.
+- **Review**: Always review the generated report for accuracy and completeness.
+
+## Integration
+
+This skill can be integrated with other security tools and plugins to enhance data collection and analysis. It provides a central point for generating security audit reports from various sources.
\ No newline at end of file
diff --git a/skills/security-audit-reporter/assets/README.md b/skills/security-audit-reporter/assets/README.md
new file mode 100644
index 0000000..7009ffb
--- /dev/null
+++ b/skills/security-audit-reporter/assets/README.md
@@ -0,0 +1,8 @@
+# Assets
+
+Bundled resources for security-audit-reporter skill
+
+- [ ] report_template.html: HTML template for generating security audit reports.
+- [ ] report_template.pdf: PDF template for generating security audit reports.
+- [ ] example_report.json: Example security audit report in JSON format.
+- [ ] example_report.md: Example security audit report in Markdown format.
diff --git a/skills/security-audit-reporter/references/README.md b/skills/security-audit-reporter/references/README.md
new file mode 100644
index 0000000..7b0bc4d
--- /dev/null
+++ b/skills/security-audit-reporter/references/README.md
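Review bot: The frontmatter line `allowed-tools: Read, Write, Edit, Grep, Glob, Bash` in skills/security-audit-reporter/SKILL.md grants shell execution and file modification to a skill whose stated job is to analyze security data and write a report. The entries in skills/security-audit-reporter/scripts/README.md are all unchecked `- [ ]` placeholders in this commit, so nothing here appears to need `Bash` or `Edit`; I would narrow the line to `allowed-tools: Read, Grep, Glob, Write` and widen it only when a bundled script requires more. Least privilege matters here because the description triggers the skill on broad phrases such as "audit security", and the material it reads (scan output, application source, configuration) is untrusted input that can carry instructions aimed at the model. The `**Review**` bullet under `## Best Practices` is the only control on the output, so it is worth stating there that findings without a cited source should be treated as unverified.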
@@ -0,0 +1,12 @@
+# References
+
+Bundled resources for security-audit-reporter skill
+
+- [ ] owasp_top_10.md: Documentation on OWASP Top 10 vulnerabilities.
+- [ ] gdpr_compliance.md: Guidelines for GDPR compliance.
+- [ ] hipaa_security_rule.md: Details of HIPAA Security Rule.
+- [ ] pci_dss_requirements.md: PCI DSS requirements.
+- [ ] soc2_criteria.md: SOC2 criteria.
+- [ ] nmap_documentation.md: Nmap tool documentation.
+- [ ] nessus_documentation.md: Nessus tool documentation.
+- [ ] openvas_documentation.md: OpenVAS tool documentation.
diff --git a/skills/security-audit-reporter/scripts/README.md b/skills/security-audit-reporter/scripts/README.md
new file mode 100644
index 0000000..821eb76
--- /dev/null
+++ b/skills/security-audit-reporter/scripts/README.md
@@ -0,0 +1,8 @@
+# Scripts
+
+Bundled resources for security-audit-reporter skill
+
+- [ ] security_scan.py: Automates security scanning using tools like Nmap, Nessus, or OpenVAS.
+- [ ] report_formatter.py: Formats security scan results into a standardized report format (JSON, Markdown, HTML).
+- [ ] compliance_checker.py: Checks the report against compliance standards like OWASP, GDPR, HIPAA, PCI-DSS, SOC2.
+- [ ] remediation_suggestions.py: Provides remediation suggestions based on the identified vulnerabilities.